troubleshooting Question

VPN Tunneling with a Cisco 851 on Verizon DSL

Asked by bhobson_2000
Topics: Routers, Cisco, VPN
I have a Cisco 851 that I've configured to construct a VPN tunnel back to a PIX 515. The 851 is working on Verizon DSL, I can ping out to the internet from the router, but I can ping inside across the tunnel, and none of the machines plugged into the ports on the 851 can ping to the internet. I'm a novice (translation, I don't know what I'm doing but I fake it really well), but I'm 99% certain that everything is correct on the PIX, all the same I'll copy up any pertinent info asked of me. I'll post a fairly sterilized config off the 851 below, if any gurus can help me out it would be much appreciated!!!

version 12.4            
no service pad              
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
no service password-encryption                              
!
hostname Cisco851                      
!
boot-start-marker
boot-end-marker              
!
logging buffered 51200 warnings                              
!
no aaa new-model                
!
resource policy              
!
memory-size iomem 25                    
ip subnet-zero              
no ip dhcp use vrf connected                            
ip dhcp excluded-address 10.134.1.1 10.134.1.20                                              
!
ip dhcp pool pool1                  
   network 10.134.1.0 255.255.255.0                                  
   default-router 10.134.1.1                            
   dns-server 10.2.1.10 10.2.1.20                                
!
!
ip cef      
ip domain name DomainName                              
ip ssh time-out 45                  
!
!
crypto pki trustpoint TP-self-signed-1234567890                                              
 enrollment selfsigned                      
 subject-name cn=IOS-Self-Signed-Certificate-1234567890                                                      
 revocation-check none                      
 rsakeypair TP-self-signed-1234567890                                    
!
!
crypto pki certificate chain TP-self-signed-1234567890                                                      
 certificate self-signed 01                          
  30820257 308201C0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030                                                                                                        
  quit                                          
!
!
!
crypto isakmp policy 1                      
 hash md5        
 authentication pre-share                        
 group 2        
crypto isakmp key ********** address 61.123.234.16                                                
!
!
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac                                                          
crypto ipsec transform-set level1 esp-des esp-md5-hmac                                                      
!
crypto map outside_map 10 ipsec-isakmp                                      
 description Tunnel to Core                                  
 set peer 61.123.234.16                      
 set transform-set level1                        
 match address 105                  
!
!
!
interface FastEthernet0                      
!
interface FastEthernet1                      
!
interface FastEthernet2                      
!
interface FastEthernet3
!
interface FastEthernet4                      
 description DSL outside interface$ES_WAN$                                          
 ip address 71.123.132.17 255.255.255.0                                        
 ip nat outside              
 ip virtual-reassembly                      
 duplex auto            
 speed auto          
 pppoe enable group global                          
 pppoe-client dial-pool-number 1                                
 crypto map outside_map                      
!
interface Vlan1              
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$                                                
 ip address 10.134.1.1 255.255.255.0                                    
 ip nat inside              
 ip virtual-reassembly                      
 ip tcp adjust-mss 1412                      
 crypto map outside_map                      
!
ip classless            
ip route 0.0.0.0 0.0.0.0 71.123.132.1                                    
!
no ip http server                
no ip http secure-server                        
ip http timeout-policy idle 60 life 86400 requests 10000                                                        
ip nat inside source list 100 interface FastEthernet4 overload                                                              
!
access-list 23 permit 10.10.10.0 0.0.0.7                                        
access-list 100 deny   ip 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255                                                          
access-list 100 deny   ip 10.134.1.0 0.0.0.255 10.130.1.0 0.0.0.255                                                        
access-list 100 deny   icmp 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255                                                        
access-list 100 deny   icmp 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255                                                      
access-list 100 permit ip 10.105.1.0 0.0.0.255 any                                                  
access-list 100 permit icmp 10.105.1.0 0.0.0.255 any                                                    
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255              
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
access-list 105 permit icmp 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 105 permit icmp 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
no cdp run
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17179385
ntp server 192.43.244.18
end
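
A consistency check a reviewer could run on the configuration above, as an added example that is not part of the original post: it tests whether the ACLs referenced by `ip nat inside source list` and by the crypto map's `match address` have a permit entry whose source covers each `ip nat inside` subnet. The excerpt is retyped from the posted config; the function names are hypothetical, and only ACL sources written as address plus wildcard are parsed.

```python
import ipaddress
import re

# Excerpt of the posted config: only the lines this check reads.
CONFIG = """\
interface Vlan1
 ip address 10.134.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 100 interface FastEthernet4 overload
crypto map outside_map 10 ipsec-isakmp
 match address 105
access-list 100 deny   ip 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 100 permit ip 10.105.1.0 0.0.0.255 any
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255
"""
ACE = re.compile(r"access-list (\d+) (permit|deny)\s+\S+ (\S+) (\S+)")

def inside_networks(cfg):
    """Subnets of interfaces marked 'ip nat inside'."""
    nets, addr, inside = [], None, False
    for line in cfg.splitlines() + ["!"]:
        if not line.startswith(" "):  # a top-level line closes the block
            if addr is not None and inside:
                nets.append(addr)
            addr, inside = None, False
        m = re.match(r" ip address (\S+) (\S+)$", line)
        if m:
            addr = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif line == " ip nat inside":
            inside = True
    return nets

def permitted_sources(cfg, acl):
    """Source networks of the permit entries of one numbered extended ACL."""
    # ipaddress accepts the Cisco wildcard as a host mask after the slash.
    return [ipaddress.ip_network(f"{src}/{wc}")
            for num, action, src, wc in ACE.findall(cfg)
            if num == acl and action == "permit"]

def audit(cfg):
    """Map each ACL role to the inside subnets that no permit entry covers."""
    refs = {"nat": re.search(r"ip nat inside source list (\d+)", cfg)[1],
            "crypto": re.search(r"match address (\d+)", cfg)[1]}
    return {role: [str(n) for n in inside_networks(cfg)
                   if not any(n.subnet_of(s) for s in permitted_sources(cfg, acl))]
            for role, acl in refs.items()}

if __name__ == "__main__":
    print(audit(CONFIG))
```

A non-empty list for a role means hosts on that subnet are never selected for NAT overload or for encryption by the referenced ACL.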
ASKER CERTIFIED SOLUTION
Frabble