Solved
Cisco VPN Tunnel config help

Posted on 2006-06-29
Medium Priority
329 Views
Last Modified: 2013-11-16
I need to change the IP address and location of a software-based router from our DMZ to the inside.
Router IP = 172.16.1.2, change to 129.1.133.99. The client behind the router is 10.6.1.41. The client uses a VPN tunnel to send information to the 172.89.254.255 network. What else do I need to change?
thanks!

old config:
pdm location 10.6.1.41 255.255.255.255 dmz
static (dmz,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.255 0 0
route dmz 10.6.1.0 255.255.255.0 172.16.1.2
pdm location 10.6.1.0 255.255.255.0 dmz

access-list dmz_outbound_nat0_acl permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list dmz_outbound_nat0_acl permit ip interface dmz 172.89.254.128 255.255.255.128

nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (inside) 0 access-list vpn
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list outside_cryptomap_40 permit ip interface dmz 172.89.254.128 255.255.255.128

crypto map vpn 40 ipsec-isakmp
crypto map vpn 40 match address outside_cryptomap_40
crypto map vpn 40 set peer 202.99.250.1
crypto map vpn 40 set transform-set vpnset



new:
here is what I have changed so far:
pdm location 10.6.1.41 255.255.255.255 inside
pdm location 10.6.1.0 255.255.255.0 inside
static (inside,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.0 0
route inside 10.6.1.0 255.255.255.0 129.1.133.99
Question by:chshrmc
3 Comments
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17012765
Looking at this, it appears that the VPN configuration has nothing to do with your client, because the peer address is outside of the network.

But if the peer is still the same and only the host sending the traffic changes from being in the DMZ to inside, you just have to add the host to the nat 0 line applied inside of your firewall.

Author Comment

by:chshrmc
ID: 17012823
What would the syntax be for that?
LVL 11

Accepted Solution

by:prueconsulting (earned 1500 total points)
ID: 17013024
Syntax would be:

access-list VPN-list permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list VPN-list permit ip interface inside 172.89.254.128 255.255.255.128
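The two answers above boil down to one consistency rule: after a host moves from one PIX interface to another, the NAT-exemption ACL (the one named on `nat (<interface>) 0 access-list`) and the crypto map's match ACL must still select that host's traffic, and nothing should still point at the old interface. The following audit script is an added example written for this thread, not code posted by either participant; it parses the PIX 6.x style statements shown in the thread, and the "before" and "after" configurations embedded in it are constructed for the example (the "after" set assumes the exemption ACL is named `vpn`, matching the existing `nat (inside) 0 access-list vpn` line, and that a single-host static normally carries netmask 255.255.255.255).

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not from a live device: the questioner's "new" lines
# merged with the old VPN lines that still point at the dmz interface.
SAMPLE_CONFIG = """
pdm location 10.6.1.41 255.255.255.255 inside
static (inside,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.0 0
route inside 10.6.1.0 255.255.255.0 129.1.133.99
access-list dmz_outbound_nat0_acl permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list dmz_outbound_nat0_acl permit ip interface dmz 172.89.254.128 255.255.255.128
nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (inside) 0 access-list vpn
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list outside_cryptomap_40 permit ip interface dmz 172.89.254.128 255.255.255.128
crypto map vpn 40 ipsec-isakmp
crypto map vpn 40 match address outside_cryptomap_40
crypto map vpn 40 set peer 202.99.250.1
"""

# Constructed "after" state: host exempted from NAT on inside, dmz lines removed.
FIXED_CONFIG = """
pdm location 10.6.1.41 255.255.255.255 inside
static (inside,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.255 0 0
route inside 10.6.1.0 255.255.255.0 129.1.133.99
access-list vpn permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
nat (inside) 0 access-list vpn
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
crypto map vpn 40 ipsec-isakmp
crypto map vpn 40 match address outside_cryptomap_40
crypto map vpn 40 set peer 202.99.250.1
"""


def parse_config(text):
    """Extract the statements the audit needs from PIX 6.x style config text."""
    cfg = {"pdm": {}, "statics": [], "acls": defaultdict(list), "nat0": {}, "crypto_acls": set()}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5:
            continue
        if t[0] == "pdm" and t[1] == "location":
            cfg["pdm"][(t[2], t[3])] = t[4]                 # (addr, mask) -> interface
        elif t[0] == "static":
            in_if, out_if = t[1].strip("()").split(",")
            mask = t[5] if len(t) > 5 and t[4] == "netmask" else None
            cfg["statics"].append({"in_if": in_if, "out_if": out_if, "local": t[3], "mask": mask})
        elif t[0] == "access-list" and t[2] == "permit" and len(t) >= 6:
            src = (t[4], t[5]) if t[4] in ("host", "interface") else ("net", t[4], t[5])
            cfg["acls"][t[1]].append({"src": src})
        elif t[0] == "nat" and t[2] == "0" and t[3] == "access-list":
            cfg["nat0"][t[1].strip("()")] = t[4]             # interface -> exemption ACL
        elif t[0] == "crypto" and t[1] == "map" and "address" in t:
            cfg["crypto_acls"].add(t[t.index("address") + 1])
    return cfg


def covers_host(entry, host):
    """True when an ACL source matches the host itself, not the firewall's own interface."""
    src = entry["src"]
    if src[0] == "host":
        return src[1] == host
    if src[0] == "net":
        return ipaddress.ip_address(host) in ipaddress.ip_network(f"{src[1]}/{src[2]}", strict=False)
    return False  # "interface X" is the firewall's address, so it never covers the host


def audit_host(cfg, host):
    """Findings for a host that changed interfaces; an empty list means the config is consistent."""
    findings = []
    iface = cfg["pdm"].get((host, "255.255.255.255"))
    if iface is None:
        return [f"no /32 pdm location for {host}; cannot tell which interface it is behind"]
    for s in cfg["statics"]:
        if s["local"] != host:
            continue
        if s["mask"] != "255.255.255.255":
            findings.append(f"static for {host} uses netmask {s['mask']}; a one-host static normally uses 255.255.255.255")
        if s["in_if"] != iface:
            findings.append(f"static for {host} is on ({s['in_if']},{s['out_if']}) but the host is behind {iface}")
    exempt_acl = cfg["nat0"].get(iface)
    if exempt_acl is None:
        findings.append(f"no 'nat ({iface}) 0 access-list' line; VPN traffic from {host} would be translated")
    elif not any(covers_host(e, host) for e in cfg["acls"].get(exempt_acl, [])):
        findings.append(f"nat ({iface}) 0 references ACL '{exempt_acl}', which has no entry for {host}")
    for name in sorted(cfg["crypto_acls"]):
        if not any(covers_host(e, host) for e in cfg["acls"].get(name, [])):
            findings.append(f"crypto map ACL '{name}' has no entry for {host}")
    for name, entries in cfg["acls"].items():
        for e in entries:
            if e["src"][0] == "interface" and e["src"][1] != iface:
                findings.append(f"ACL '{name}' still references 'interface {e['src'][1]}' while {host} is behind {iface}")
    for nat_if, name in cfg["nat0"].items():
        if nat_if != iface and any(covers_host(e, host) for e in cfg["acls"].get(name, [])):
            findings.append(f"nat ({nat_if}) 0 ACL '{name}' still exempts {host}, which is now behind {iface}")
    return findings


def audit(text, host):
    return audit_host(parse_config(text), host)


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(f"== {label} ==")
        for finding in audit(text, "10.6.1.41") or ["no findings"]:
            print(" -", finding)
```

Run against the "before" text it reports the stale `interface dmz` entries, the `nat (dmz) 0` exemption that still names the host, the `nat (inside) 0` line whose ACL has no entry yet, and the single-host static carrying a /24 mask; the "after" text audits clean. The script deliberately does not count an `interface <name>` ACL entry as covering the host, because that keyword selects the firewall's own interface address, so only a `host` or network entry satisfies the exemption and crypto checks.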