  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 663

VPN Problem in CISCO 2811

Hi,
    I have recently tried to configure Easy VPN Server on a Cisco 2811 via SDM. The problem is that when I try to connect to the router remotely, it can't connect. Please help me. Is there any kind of ACL issue in this?
Current configuration : 5415 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MTL_RTR
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$3ult$UZIRC2G5Nybzvurjm8q9d.
enable password xxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authorization exec default local 
aaa authorization network sdm_vpn_group_ml_1 local 
aaa authorization network sdm_vpn_group_ml_2 local 
aaa authorization network sdm_vpn_group_ml_3 local 
aaa authorization network sdm_vpn_group_ml_4 local 
!
aaa session-id common
!
resource policy
!
memory-size iomem 10
!
!
ip cef
!
!
ip name-server 10.16.6.11
ip name-server 10.16.7.12
!
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!         
!
!
username nasir privilege 15 password 0 xxxxxxxxxxx
!
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 group 2
!
crypto isakmp client configuration group Test
 key alaskas
 dns 10.16.6.11 192.168.1.17
 wins 192.168.1.17
 pool SDM_POOL_1
 include-local-lan
crypto isakmp profile sdm-ike-profile-1
   match identity group Test
   client authentication list sdm_vpn_xauth_ml_4
   isakmp authorization list sdm_vpn_group_ml_4
   client configuration address respond
   virtual-template 4
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA 
 set isakmp-profile sdm-ike-profile-1
!
!
crypto map VPN 1 ipsec-isakmp 
 set peer 58.27.232.22
 set transform-set ESP-3DES-SHA 
 match address 150
!
!
!
!
!
interface FastEthernet0/0
 description -------------LAN------------$ETH-LAN$$FW_INSIDE$
 ip address 192.168.1.18 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$$FW_OUTSIDE$
 ip address xxxxxxxxxx 255.255.255.248
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!         
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
!
interface Virtual-Template4 type tunnel
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
ip local pool SDM_POOL_1 192.168.50.1 192.168.50.10
ip default-gateway 58.27.232.17
ip route 0.0.0.0 0.0.0.0 58.27.232.17
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat source static tcp 192.168.1.11 25 interface FastEthernet0/1 25
ip nat source static tcp 192.168.1.11 110 interface FastEthernet0/1 110
ip nat inside source list 110 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.11 25 interface FastEthernet0/1 25
ip nat inside source static tcp 192.168.1.11 110 interface FastEthernet0/1 110
ip nat inside source static tcp 192.168.1.4 22 interface FastEthernet0/1 22
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_HTTPS
 remark SDM_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_SHELL
 remark SDM_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark SDM_ACL Category=1
 permit tcp any any eq 22
!
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
access-list 110 permit ip 192.168.4.0 0.0.0.255 any
access-list 110 permit ip 192.168.5.0 0.0.0.255 any
access-list 110 permit ip 192.168.6.0 0.0.0.255 any
access-list 110 permit ip 192.168.7.0 0.0.0.255 any
access-list 110 permit ip 192.168.8.0 0.0.0.255 any
access-list 110 permit ip 192.168.9.0 0.0.0.255 any
access-list 110 permit ip 192.168.20.0 0.0.0.255 any
access-list 150 remark VPN
access-list 150 remark SDM_ACL Category=4
access-list 150 remark VPN
access-list 150 permit ip any any log
snmp-server community public RO

0
Asked by: nasirsh
1 Solution
 
IPFox Commented:
Hi,
From where are you trying to connect, and how?
Are you trying from any of 192.168.x.x addresses?

0
 
nasirsh (Author) Commented:
No. I am trying to connect from outside like 203.81.x.x
0
