Configure Cisco 837 VPN with VPN Client

Asked by mark_06 in Virtual Private Networking (VPN), Network Routers, IPSec Security Protocol

Tags: Cisco 837, VPN

Hi,

I am currently trying to configure a VPN between the Cisco VPN client and my Cisco 837 security router. I can successfully establish a connection and the VPN client says it's connected and I get an IP address of the 837's LAN on my computer. However, I cannot communicate between my computer and the remote LAN, so I can't even ping a device on the remote LAN or the 837. It seems that there is no routing taking place; however, I cannot work it out.

I have attached a show run (with password etc. removed).

I was wondering if anyone here had any idea?

Thanks

Mark
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 xxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login clientauth local
aaa authorization network groupauthor local
!
aaa session-id common
!
!
!
!
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
username user1 password 7 xxxxxxxxxxx
username user2 privilege 15 password xxxxxxxx
!
class-map match-any VoIP
 match access-group 130
!
!
policy-map VoIP-QoS
 class VoIP
  priority percent 65
  set dscp ef
 class class-default
  fair-queue
!
!
crypto keyring spokes
  pre-shared-key address 0.0.0.0 0.0.0.0 key abcdefg1234567
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group testgroup
 key abcdefg1234567
 dns 192.168.1.1
 wins 192.168.1.1
 domain mine.local
 pool ippool
crypto isakmp profile VPNclient
   description VPN clients profile
   match identity group testgroup
   client authentication list clientauth
   isakmp authorization list groupauthor
   client configuration address respond
crypto isakmp profile L2L
   description LAN-to-LAN for spoke router(s) connection
   keyring spokes
   match identity address 0.0.0.0
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 5
 set transform-set myset
 set isakmp-profile VPNclient
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile L2L
!
!
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Loopback2
 ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0
 ip address 192.168.4.254 255.255.255.0
 ip access-group 122 out
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip policy route-map nonat
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.3 point-to-point
 description DSL
 no snmp trap link-status
 pvc 8/35
  ubr 384
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer3
 description ISP Dialer
 bandwidth 384
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 3
 no cdp enable
 ppp authentication pap callin
 ppp chap refuse
 ppp pap sent-username xxx@xxx.xxx password xxxxxxxxxxxx
 crypto map mymap
!
interface Dialer1
 no ip address
!
ip local pool ippool 192.168.4.193 192.168.4.222
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer3
ip route 192.168.1.0 255.255.255.0 192.168.4.2
ip route 192.168.2.0 255.255.255.0 192.168.4.2
ip route 192.168.3.0 255.255.255.0 192.168.4.2
!
ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer3 overload
!
no access-list 100 deny   ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
no access-list 100 permit ip 192.168.4.0 0.0.0.255 any
no access-list 111 permit tcp any any eq telnet
no access-list 111 permit icmp any any administratively-prohibited
no access-list 111 permit icmp any any echo
no access-list 111 permit icmp any any echo-reply
no access-list 111 permit icmp any any packet-too-big
no access-list 111 permit icmp any any time-exceeded
no access-list 111 permit icmp any any traceroute
no access-list 111 permit icmp any any unreachable
no access-list 111 permit udp any eq bootps any eq bootpc
no access-list 111 permit udp any eq bootps any eq bootps
no access-list 111 permit udp any eq domain any
no access-list 111 permit esp any any
no access-list 111 permit udp any any eq isakmp
no access-list 111 permit udp any any eq 10000
no access-list 111 permit tcp any any eq 1723
no access-list 111 permit tcp any any eq 139
no access-list 111 permit udp any any eq netbios-ns
no access-list 111 permit udp any any eq netbios-dgm
no access-list 111 permit gre any any
no access-list 111 deny   ip any any
no access-list 112 permit ip 192.168.32.0 0.0.0.255 192.168.1.0 0.0.0.255
no access-list 114 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
no access-list 122 deny   tcp any any eq telnet
no access-list 122 permit ip any any
no access-list 130 permit ip host 192.168.32.120 any
no access-list 152 permit ip 192.168.32.0 0.0.0.255 192.168.1.0 0.0.0.255
no dialer-list 1 protocol ip permit
!
route-map nonat permit 10
 match ip address 152
 set ip next-hop 1.1.1.2
!
!
!
control-plane
!
!
line con 0
 password xxxxxxx
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 4
 exec-timeout 120 0
 password xxxxxxxx
 length 0
 transport input all
 transport output all
!
scheduler max-task-time 5000
end
03/29/09 11:58 AM, ID: 24013987 - Expert Comment

03/29/09 08:54 PM, ID: 24015906 - Author Comment

03/30/09 12:54 AM, ID: 24016705 - Expert Comment

03/30/09 12:59 AM, ID: 24016729 - Accepted Solution


About this solution

Zones: Virtual Private Networking (VPN), Network Routers, IPSec Security Protocol
Tags: Cisco 837, VPN
Solution Provided By: mitrushi
Participating Experts: 1
Solution Grade: A
 
 