Solved

Cisco VPN Tunnel config help

Posted on 2006-06-29
3
307 Views
Last Modified: 2013-11-16
I need to change the ip address and location of a software base router from our dmz to the inside.
router IP = 172.16.1.2 change to 129.1.133.99.    The client behind the router is 10.6.1.41.  The client uses a vpn tunell to send information to  172.89.254.255 network.  What esle do I need to change?
thanks!!!!!!!!!!!!!

old config:
pdm location 10.6.1.41 255.255.255.255 dmz
static (dmz,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.255 0 0
route dmz 10.6.1.0 255.255.255.0 172.16.1.2
pdm location 10.6.1.0 255.255.255.0 dmz

access-list dmz_outbound_nat0_acl permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list dmz_outbound_nat0_acl permit ip interface dmz 172.89.254.128 255.255.255.128

nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (inside) 0 access-list vpn
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list outside_cryptomap_40 permit ip interface dmz 172.89.254.128 255.255.255.128

crypto map vpn 40 ipsec-isakmp
crypto map vpn 40 match address outside_cryptomap_40
crypto map vpn 40 set peer 202.99.250.1
crypto map vpn 40 set transform-set vpnset



new:
here is what I have changed so far>>
pdm location 10.6.1.41 255.255.255.255 inside
pdm location 10.6.1.0 255.255.255.0 inside
static (inside,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.0 0
route inside 10.6.1.0 255.255.255.0 129.1.133.99
0
Comment
Question by:chshrmc
  • 2
3 Comments
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17012765
Looking at this it appears that the VPN configuration has nothing to do with your client because the peer address is outside of the network.


But however if the peer is still the same and only the host sending the traffic changes from being in the DMZ to inside

You just have to add the host to the nat 0 line applied inside of your firewall
0
 

Author Comment

by:chshrmc
ID: 17012823
what would the syntax be for that?
0
 
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
ID: 17013024
Syntax would be

access-list VPN-list permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list VPN-list permit ip interface inside 172.89.254.128 255.255.255.128
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question