Solved

Cisco VPN Tunnel config help

Posted on 2006-06-29
3
299 Views
Last Modified: 2013-11-16
I need to change the ip address and location of a software base router from our dmz to the inside.
router IP = 172.16.1.2 change to 129.1.133.99.    The client behind the router is 10.6.1.41.  The client uses a vpn tunell to send information to  172.89.254.255 network.  What esle do I need to change?
thanks!!!!!!!!!!!!!

old config:
pdm location 10.6.1.41 255.255.255.255 dmz
static (dmz,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.255 0 0
route dmz 10.6.1.0 255.255.255.0 172.16.1.2
pdm location 10.6.1.0 255.255.255.0 dmz

access-list dmz_outbound_nat0_acl permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list dmz_outbound_nat0_acl permit ip interface dmz 172.89.254.128 255.255.255.128

nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (inside) 0 access-list vpn
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list outside_cryptomap_40 permit ip interface dmz 172.89.254.128 255.255.255.128

crypto map vpn 40 ipsec-isakmp
crypto map vpn 40 match address outside_cryptomap_40
crypto map vpn 40 set peer 202.99.250.1
crypto map vpn 40 set transform-set vpnset



new:
here is what I have changed so far>>
pdm location 10.6.1.41 255.255.255.255 inside
pdm location 10.6.1.0 255.255.255.0 inside
static (inside,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.0 0
route inside 10.6.1.0 255.255.255.0 129.1.133.99
0
Comment
Question by:chshrmc
  • 2
3 Comments
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17012765
Looking at this it appears that the VPN configuration has nothing to do with your client because the peer address is outside of the network.


But however if the peer is still the same and only the host sending the traffic changes from being in the DMZ to inside

You just have to add the host to the nat 0 line applied inside of your firewall
0
 

Author Comment

by:chshrmc
ID: 17012823
what would the syntax be for that?
0
 
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
ID: 17013024
Syntax would be

access-list VPN-list permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list VPN-list permit ip interface inside 172.89.254.128 255.255.255.128
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Content Filtering 1 to 1 Peer Review 1 104
FQDN config to internal server 3 41
Opening Port 80 10 66
centos7 firewalld udp ports 33 78
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question