Solved

Cisco VPN Tunnel config help

Posted on 2006-06-29
3
314 Views
Last Modified: 2013-11-16
I need to change the ip address and location of a software base router from our dmz to the inside.
router IP = 172.16.1.2 change to 129.1.133.99.    The client behind the router is 10.6.1.41.  The client uses a vpn tunell to send information to  172.89.254.255 network.  What esle do I need to change?
thanks!!!!!!!!!!!!!

old config:
pdm location 10.6.1.41 255.255.255.255 dmz
static (dmz,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.255 0 0
route dmz 10.6.1.0 255.255.255.0 172.16.1.2
pdm location 10.6.1.0 255.255.255.0 dmz

access-list dmz_outbound_nat0_acl permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list dmz_outbound_nat0_acl permit ip interface dmz 172.89.254.128 255.255.255.128

nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (inside) 0 access-list vpn
access-list outside_cryptomap_40 permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list outside_cryptomap_40 permit ip interface dmz 172.89.254.128 255.255.255.128

crypto map vpn 40 ipsec-isakmp
crypto map vpn 40 match address outside_cryptomap_40
crypto map vpn 40 set peer 202.99.250.1
crypto map vpn 40 set transform-set vpnset



new:
here is what I have changed so far>>
pdm location 10.6.1.41 255.255.255.255 inside
pdm location 10.6.1.0 255.255.255.0 inside
static (inside,outside) 12.99.104.85 10.6.1.41 netmask 255.255.255.0 0
route inside 10.6.1.0 255.255.255.0 129.1.133.99
0
Comment
Question by:chshrmc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17012765
Looking at this it appears that the VPN configuration has nothing to do with your client because the peer address is outside of the network.


But however if the peer is still the same and only the host sending the traffic changes from being in the DMZ to inside

You just have to add the host to the nat 0 line applied inside of your firewall
0
 

Author Comment

by:chshrmc
ID: 17012823
what would the syntax be for that?
0
 
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
ID: 17013024
Syntax would be

access-list VPN-list permit ip host 10.6.1.41 172.89.254.128 255.255.255.128
access-list VPN-list permit ip interface inside 172.89.254.128 255.255.255.128
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exact syntax to permit ipfilter rules in Solaris 10 x86 2 72
perimeter firewall HA impact on outages 2 67
Probable TCP NULL scan detected 10 413
SSH over http/https 8 168
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question