amanytx
asked on
No Data flowing once VPN is established between Cisco VPN client and Cisco 2610 router
Hi experts, I just reconfigured a Cisco 2610 router to accept VPN connections from portable machines using Cisco VPN client 4.0.5. The connection establishes perfectly and I get an IP from the router to my notebook just fine. But once I want to browse the internal network or even ping any device internally, I get a time-out error; basically it does not see anything. I tried adding the VPN pool to the access list since I believe this is where I have the problem. Please advise and thanks in advance. The 2 permanent tunnels going to other routers are working just fine.
Router config
++++++++++++++++++++++++++
Building configuration...
Current configuration : 3778 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname JR1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$0pII$/iAoFi4/LZUSdSFFrTx5S.
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username administrator password 7 0325570A0B0A254D19584855
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
lifetime 3600
!
crypto isakmp policy 2
hash md5
authentication pre-share
lifetime 3600
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp key alameda address 70.xx.xx.xx no-xauth
crypto isakmp key alameda address 70.xx.xx.xx no-xauth
!
crypto isakmp client configuration group xxxxxxxxxxxxx
key xxxxxxxxxxxxxx
dns 192.168.1.5
wins 192.168.1.5
domain xxxxxxxx.local
pool ippool
!
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto ipsec transform-set cm-transformset-2 ah-md5-hmac esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map cm-cryptomap local-address Serial0/0.1
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 70.xx.xx.xx
set transform-set cm-transformset-1
match address 100
crypto map cm-cryptomap 2 ipsec-isakmp
set peer 70.xx.xx.xx
set transform-set cm-transformset-2
match address 101
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0/0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
full-duplex
!
interface Serial0/0
ip address 151.xx.xx.xx. 255.255.255.252
encapsulation frame-relay
no ip route-cache cef
no ip route-cache
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
description connected to Internet
ip address 70.xx.xx.xx 255.255.255.224
ip nat outside
no ip route-cache
frame-relay interface-dlci 706 IETF
crypto map clientmap
!
ip local pool ippool 14.1.1.245 14.1.1.250
ip nat inside source route-map nonat interface Serial0/0.1 overload
ip nat inside source static tcp 192.168.1.5 3389 70.xx.xx.xx 3389 extendable
ip nat inside source static tcp 192.168.1.21 3389 70.xx.xx.xx 3389 extendable
ip nat inside source static tcp 192.168.1.235 5000 70.xx.xx.xx 5000 extendable
ip nat inside source static tcp 192.168.1.236 5001 70.xx.xx.xx 5001 extendable
ip nat inside source static tcp 192.168.1.19 3389 70.xx.xx.xx 3389 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 14.1.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
!
route-map nonat permit 10
match ip address 110
!
snmp-server location Alameda
snmp-server contact Armando Raynal,(915)227-7744
!
!
!
!
!
line con 0
exec-timeout 0 0
password 7 1533070D092F2F257F626472
line aux 0
line vty 0 4
password 7 0227085A06030B201B1F5849
!
!
ASKER CERTIFIED SOLUTION
ASKER
will try and will get back
ASKER
Thanks it worked great!