Solved

Cisco VPN Tunnel config help

Posted on 2006-06-29
Last Modified: 2013-11-16
I need to change the IP address and location of a software-based router from our DMZ to the inside.
Router IP = 172.16.1.2, change to 129.1.133.99. The client behind the router is 10.6.1.41. The client uses a VPN tunnel to send information to the 172.89.254.255 network. What else do I need to change?
Thanks!

old config:
pdm location 10.6.1.41 255.255.255.255 dmz
static (dmz,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.255 0 0
route dmz 10.6.1.0 255.255.255.0 172.16.1.2
pdm location 10.6.1.0 255.255.255.0 dmz

access-list dmz_outbound_nat0_acl permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list dmz_outbound_nat0_acl permit ip interface dmz 172.89.254.128 255.255.255.128

nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (inside) 0 access-list vpn
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list outside_cryptomap_40 permit ip interface dmz 172.89.254.128 255.255.255.128

crypto map vpn 40 ipsec-isakmp
crypto map vpn 40 match address outside_cryptomap_40
crypto map vpn 40 set peer 202.99.250.1
crypto map vpn 40 set transform-set vpnset



new:
Here is what I have changed so far:
pdm location 10.6.1.41 255.255.255.255 inside
pdm location 10.6.1.0 255.255.255.0 inside
static (inside,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.0 0
route inside 10.6.1.0 255.255.255.0 129.1.133.99
Question by:chshrmc
3 Comments
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17012765
Looking at this, it appears that the VPN configuration has nothing to do with your client because the peer address is outside of the network.

However, if the peer is still the same and only the host sending the traffic changes from being in the DMZ to the inside, you just have to add the host to the nat 0 line applied inside of your firewall.

Author Comment

by:chshrmc
ID: 17012823
What would the syntax be for that?
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
ID: 17013024
Syntax would be

access-list VPN-list permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list VPN-list permit ip interface inside 172.89.254.128 255.255.255.128
0
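
An added example, not written by any poster in this thread: a small Python check that the ACL actually bound by `nat (inside) 0` and the crypto map ACL both hold the entry for the moved host, since `nat 0` only exempts traffic matched by the ACL it references. The sample config is constructed from lines quoted in the posts above; the function names are hypothetical, and ACL names are compared exactly as written.

```python
import re

# Constructed sample: lines quoted in this thread, combined into one
# config for illustration only.
SAMPLE = """\
nat (inside) 0 access-list vpn
access-list VPN-list permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list VPN-list permit ip interface inside 172.89.254.128 255.255.255.128
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
crypto map vpn 40 match address outside_cryptomap_40
"""

def parse(config):
    """Return (ACL entries by name, nat 0 ACL by interface, crypto map ACL names)."""
    acls, nat0, crypto = {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"access-list (\S+) permit ip (.+)$", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"nat \((\S+)\) 0 access-list (\S+)$", line):
            nat0[m.group(1)] = m.group(2)
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)$", line):
            crypto.add(m.group(1))
    return acls, nat0, crypto

def check_host(config, iface, host, remote):
    """List config problems for `host` behind `iface` sending to `remote` over the tunnel."""
    acls, nat0, crypto = parse(config)
    want = f"host {host} {remote}"
    problems = []
    bound = nat0.get(iface)
    if bound is None:
        problems.append(f"no nat ({iface}) 0 access-list statement")
    elif want not in acls.get(bound, []):
        problems.append(f"nat ({iface}) 0 uses ACL '{bound}', which has no entry '{want}'")
    if not any(want in acls.get(name, []) for name in crypto):
        problems.append(f"no crypto map ACL has entry '{want}'")
    # An ACL that holds the entry but is bound to nothing has no effect.
    used = set(nat0.values()) | crypto
    for name, entries in acls.items():
        if want in entries and name not in used:
            problems.append(f"ACL '{name}' has the entry but is not referenced")
    return problems
```

Calling `check_host(SAMPLE, "inside", "10.6.1.41", "172.89.254.128 255.255.255.128")` reports the entries sitting in an ACL that `nat (inside) 0` does not reference; placing them in the bound ACL clears both findings.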
Question has a verified solution.
