troubleshooting Question

VPN Tunneling with a Cisco 851 on Verizon DSL

Asked by bhobson_2000
Tags: Routers, VPN, Cisco
I have a Cisco 851 that I've configured to construct a VPN tunnel back to a PIX 515. The 851 is working on Verizon DSL; I can ping out to the internet from the router, but I can ping inside across the tunnel, and none of the machines plugged into the ports on the 851 can ping to the internet. I'm a novice (translation: I don't know what I'm doing but I fake it really well), but I'm 99% certain that everything is correct on the PIX; all the same, I'll copy up any pertinent info asked of me. I'll post a fairly sterilized config off the 851 below. If any gurus can help me out it would be much appreciated!!!

version 12.4            
no service pad              
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
no service password-encryption                              
!
hostname Cisco851                      
!
boot-start-marker
boot-end-marker              
!
logging buffered 51200 warnings                              
!
no aaa new-model                
!
resource policy              
!
memory-size iomem 25                    
ip subnet-zero              
no ip dhcp use vrf connected                            
ip dhcp excluded-address 10.134.1.1 10.134.1.20                                              
!
ip dhcp pool pool1                  
   network 10.134.1.0 255.255.255.0                                  
   default-router 10.134.1.1                            
   dns-server 10.2.1.10 10.2.1.20                                
!
!
ip cef      
ip domain name DomainName                              
ip ssh time-out 45                  
!
!
crypto pki trustpoint TP-self-signed-1234567890                                              
 enrollment selfsigned                      
 subject-name cn=IOS-Self-Signed-Certificate-1234567890                                                      
 revocation-check none                      
 rsakeypair TP-self-signed-1234567890                                    
!
!
crypto pki certificate chain TP-self-signed-1234567890                                                      
 certificate self-signed 01                          
  30820257 308201C0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030                                                                                                        
  quit                                          
!
!
!
crypto isakmp policy 1                      
 hash md5        
 authentication pre-share                        
 group 2        
crypto isakmp key ********** address 61.123.234.16                                                
!
!
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac                                                          
crypto ipsec transform-set level1 esp-des esp-md5-hmac                                                      
!
crypto map outside_map 10 ipsec-isakmp                                      
 description Tunnel to Core                                  
 set peer 61.123.234.16                      
 set transform-set level1                        
 match address 105                  
!
!
!
interface FastEthernet0                      
!
interface FastEthernet1                      
!
interface FastEthernet2                      
!
interface FastEthernet3
!
interface FastEthernet4                      
 description DSL outside interface$ES_WAN$                                          
 ip address 71.123.132.17 255.255.255.0                                        
 ip nat outside              
 ip virtual-reassembly                      
 duplex auto            
 speed auto          
 pppoe enable group global                          
 pppoe-client dial-pool-number 1                                
 crypto map outside_map                      
!
interface Vlan1              
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$                                                
 ip address 10.134.1.1 255.255.255.0                                    
 ip nat inside              
 ip virtual-reassembly                      
 ip tcp adjust-mss 1412                      
 crypto map outside_map                      
!
ip classless            
ip route 0.0.0.0 0.0.0.0 71.123.132.1                                    
!
no ip http server                
no ip http secure-server                        
ip http timeout-policy idle 60 life 86400 requests 10000                                                        
ip nat inside source list 100 interface FastEthernet4 overload                                                              
!
access-list 23 permit 10.10.10.0 0.0.0.7                                        
access-list 100 deny   ip 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255                                                          
access-list 100 deny   ip 10.134.1.0 0.0.0.255 10.130.1.0 0.0.0.255                                                        
access-list 100 deny   icmp 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255                                                        
access-list 100 deny   icmp 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255                                                      
access-list 100 permit ip 10.105.1.0 0.0.0.255 any                                                  
access-list 100 permit icmp 10.105.1.0 0.0.0.255 any                                                    
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255              
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
access-list 105 permit icmp 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 105 permit icmp 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
no cdp run
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17179385
ntp server 192.43.244.18
end
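
A consistency check over the ACL references in the config above, added here as an illustration (it is not part of the original post): it compares the source networks permitted by the ACLs used for NAT and for the crypto map against the subnet of the interface marked ip nat inside. The function names are hypothetical; the embedded lines are excerpted from the posted config.

```python
import ipaddress
import re

# Lines excerpted from the posted 851 config (only what the check needs).
CONFIG = """\
crypto map outside_map 10 ipsec-isakmp
 match address 105
interface Vlan1
 ip address 10.134.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 100 interface FastEthernet4 overload
access-list 100 deny   ip 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 100 permit ip 10.105.1.0 0.0.0.255 any
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
"""

def inside_networks(config):
    """Subnets of interfaces marked 'ip nat inside'."""
    nets = []
    for block in re.split(r"(?m)^(?=interface )", config):
        addr = re.search(r"(?m)^ ip address (\S+) (\S+)$", block)
        nat = re.search(r"(?m)^ ip nat inside$", block)
        if block.startswith("interface ") and addr and nat:
            nets.append(ipaddress.ip_network("/".join(addr.groups()), strict=False))
    return nets

def referenced_acls(config):
    """ACL numbers used for NAT selection and for crypto-map traffic matching."""
    refs = {}
    for num in re.findall(r"(?m)^ip nat inside source list (\d+)", config):
        refs[num] = "NAT"
    for num in re.findall(r"(?m)^ match address (\d+)", config):
        refs[num] = "crypto map"
    return refs

def mismatched_permits(config):
    """Permit entries in referenced ACLs whose source lies outside every inside subnet."""
    inside, refs = inside_networks(config), referenced_acls(config)
    findings = []
    pat = r"(?m)^access-list (\d+) permit\s+\S+ (\d\S+) (\d\S+)"
    for num, src, wildcard in re.findall(pat, config):
        if num not in refs:
            continue
        # ip_network accepts a Cisco wildcard (host mask) as well as a netmask.
        net = ipaddress.ip_network(f"{src}/{wildcard}")
        if not any(net.overlaps(i) for i in inside):
            findings.append((refs[num], num, str(net)))
    return findings
```

On the excerpted lines, mismatched_permits(CONFIG) reports three permit entries sourced from 10.105.1.0/24, while Vlan1 is addressed in 10.134.1.0/24.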