01.06.2008 at 08:56AM PST, ID: 23062086

Cisco IPSEC VPN problem

Asked by micross in MS Forefront-ISA, Virtual Private Networking (VPN), IPSec Security Protocol

Hi,
I am attempting to create an IPSEC tunnel between the office LAN (using ISA Server) and my home office which uses a Cisco 1841 router. I have a tunnel of sorts up, but cannot pass any traffic in either direction.

This is extremely urgent, so any assistance would be appreciated.  I attach a running-config of the router...

Thanks in advance...

Current configuration : 5116 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 00184D436EB4
!
boot-start-marker
boot-end-marker
!
logging buffered 10000 debugging
enable secret xxx
!
no aaa new-model
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.20
!
ip dhcp pool DHCP_POOL
   network 192.168.100.0 255.255.255.0
   dns-server 87.86.189.16
   default-router 192.168.100.1
!
!
ip name-server 87.86.189.16
!
!
crypto pki trustpoint TP-self-signed-3295619050
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3295619050
 revocation-check none
 rsakeypair TP-self-signed-3295619050
!
!
crypto pki certificate chain TP-self-signed-3295619050
 certificate self-signed 01
  30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33323935 36313930 3530301E 170D3038 30313036 31363235
  31305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32393536
  31393035 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B715 EB8B6CF6 84482736 25CF93A3 829E681D 38B6DD34 FC9F89E2 5F80FF7E
  9AA2320B A161B558 57155250 7CC7D656 33258835 D7747FF5 263EE0A9 8B0A4DB7
  DD0391C8 7FDA9A2A 2B811435 F8B99B49 4A975B17 1CD9DCA1 F4E74222 6C4E29EA
  434F8B25 50F37F41 477443F3 93E45CA8 0E09E6B4 34550628 D37BBAEF A33CDEFE
  55510203 010001A3 6C306A30 0F060355 1D130101 FF040530 030101FF 30170603
  551D1104 10300E82 0C303031 38344434 33364542 34301F06 03551D23 04183016
  8014DC36 FD2C5E7C 83D99AE2 385D342F 893C7263 DCDC301D 0603551D 0E041604
  14DC36FD 2C5E7C83 D99AE238 5D342F89 3C7263DC DC300D06 092A8648 86F70D01
  01040500 03818100 11B7C635 A7763199 E00BB45B 2FF16218 535165D2 FDA92655
  6169468F A4716FDC 9A5B3038 DE971B81 B6E5B756 FF1EFD4B E67AFF32 0FD99925
  91A99837 CA10E4D2 F7C1D367 743E50FD 733AE23C B130EA73 BDDE7D84 F1046B0D
  8F2DC148 0D3BDD55 1A850A0E 07EFC9E0 4A1C2021 E80C4A6C A48A3585 D223EF62
  0424C9D4 3335744B
  quit
username aaa password bbb
 
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key wombat123 address <ISA_SERVER>
!
!
crypto ipsec transform-set VPN1transform esp-3des esp-sha-hmac
!
crypto map VPN1 local-address Dialer0
crypto map VPN1 10 ipsec-isakmp
 set peer <ISA_SERVER>
 set transform-set VPN1transform
 match address 111
!
!
!
!
interface Tunnel0
 no ip address
!
interface FastEthernet0
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
 no ip address
 no ip unreachables
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Vlan1
 no ip address
!
interface Dialer0
 ip address negotiated previous
 ip access-group 101 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname QQQ
 ppp chap password WWW
 crypto map VPN1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route <OFFICE_LAN> 255.255.255.0 <ISA_SERVER>
ip route <ISA_SERVER> 255.255.255.255 Dialer0
 
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
access-list 10 permit <ISA_SERVER> 0.0.0.7
access-list 10 permit 192.168.100.0 0.0.0.255
access-list 100 deny   ip 192.168.100.0 0.0.0.255 <OFFICE_LAN> 0.0.0.255
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 remark Allow DNS Resolution
access-list 101 permit udp any eq domain any
access-list 101 remark Allow established connections
access-list 101 permit tcp any any established
access-list 101 remark Allow remote access
access-list 101 permit ip <ISA_SERVER> 0.0.0.7 any
access-list 101 permit udp host <ISA_SERVER> any eq isakmp
access-list 101 permit esp host <ISA_SERVER> any
access-list 101 permit gre host <ISA_SERVER> any
access-list 101 permit ip host <ISA_SERVER> any
access-list 111 permit ip 192.168.100.0 0.0.0.255 <OFFICE_LAN> 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class 10 in
 password QQQ
 login local
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

About this solution

Zones: MS Forefront-ISA, Virtual Private Networking (VPN), IPSec Security Protocol
Tags: cisco, router, 1841
Solution Provided By: poweruser32
Participating Experts: 1
Solution Grade: B