Solved

VPN Problem in CISCO 2811

Posted on 2008-10-21
Last Modified: 2012-05-05
Hi,
I have recently tried to configure Easy VPN Server on a Cisco 2811 via SDM. The problem is that when I try to connect to the router remotely, it can't connect. Please help me. Is there any kind of ACL issue in this?

Current configuration : 5415 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MTL_RTR
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$3ult$UZIRC2G5Nybzvurjm8q9d.
enable password xxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
aaa authorization network sdm_vpn_group_ml_4 local
!
aaa session-id common
!
resource policy
!
memory-size iomem 10
!
!
ip cef
!
!
ip name-server 10.16.6.11
ip name-server 10.16.7.12
!
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username nasir privilege 15 password 0 xxxxxxxxxxx
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 group 2
!
crypto isakmp client configuration group Test
 key alaskas
 dns 10.16.6.11 192.168.1.17
 wins 192.168.1.17
 pool SDM_POOL_1
 include-local-lan
crypto isakmp profile sdm-ike-profile-1
   match identity group Test
   client authentication list sdm_vpn_xauth_ml_4
   isakmp authorization list sdm_vpn_group_ml_4
   client configuration address respond
   virtual-template 4
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
crypto map VPN 1 ipsec-isakmp
 set peer 58.27.232.22
 set transform-set ESP-3DES-SHA
 match address 150
!
!
!
!
!
interface FastEthernet0/0
 description -------------LAN------------$ETH-LAN$$FW_INSIDE$
 ip address 192.168.1.18 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$$FW_OUTSIDE$
 ip address xxxxxxxxxx 255.255.255.248
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
!
interface Virtual-Template4 type tunnel
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
ip local pool SDM_POOL_1 192.168.50.1 192.168.50.10
ip default-gateway 58.27.232.17
ip route 0.0.0.0 0.0.0.0 58.27.232.17
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat source static tcp 192.168.1.11 25 interface FastEthernet0/1 25
ip nat source static tcp 192.168.1.11 110 interface FastEthernet0/1 110
ip nat inside source list 110 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.11 25 interface FastEthernet0/1 25
ip nat inside source static tcp 192.168.1.11 110 interface FastEthernet0/1 110
ip nat inside source static tcp 192.168.1.4 22 interface FastEthernet0/1 22
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_HTTPS
 remark SDM_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_SHELL
 remark SDM_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark SDM_ACL Category=1
 permit tcp any any eq 22
!
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
access-list 110 permit ip 192.168.4.0 0.0.0.255 any
access-list 110 permit ip 192.168.5.0 0.0.0.255 any
access-list 110 permit ip 192.168.6.0 0.0.0.255 any
access-list 110 permit ip 192.168.7.0 0.0.0.255 any
access-list 110 permit ip 192.168.8.0 0.0.0.255 any
access-list 110 permit ip 192.168.9.0 0.0.0.255 any
access-list 110 permit ip 192.168.20.0 0.0.0.255 any
access-list 150 remark VPN
access-list 150 remark SDM_ACL Category=4
access-list 150 remark VPN
access-list 150 permit ip any any log
snmp-server community public RO

Question by:nasirsh
2 Comments
 
LVL 3

Expert Comment

by:IPFox
ID: 22773626
Hi,
From where are you trying to connect, and how?
Are you trying from any of the 192.168.x.x addresses?

0
 
LVL 4

Accepted Solution

by:
nasirsh earned 0 total points
ID: 22773734
No. I am trying to connect from outside like 203.81.x.x
0
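
Added example, not part of the original thread: a small Python audit that cross-checks the named objects an Easy VPN server configuration chains together (AAA lists, client group, address pool, ISAKMP and IPsec profiles, virtual template, crypto map ACL), reporting references with no definition, crypto maps never applied to an interface, and whether any interface carries an inbound ACL, which bears on the ACL question asked. `CONFIG` is a constructed excerpt of the VPN-related lines from the posted configuration, and `CHECKS`, `names` and `audit` are hypothetical names.

```python
import re
# Added example with hypothetical helper names. CONFIG is a constructed excerpt
# of the VPN-related lines from the configuration posted in the question.
CONFIG = """\
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authorization network sdm_vpn_group_ml_4 local
crypto isakmp client configuration group Test
 pool SDM_POOL_1
crypto isakmp profile sdm-ike-profile-1
 match identity group Test
 client authentication list sdm_vpn_xauth_ml_4
 isakmp authorization list sdm_vpn_group_ml_4
 virtual-template 4
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
crypto map VPN 1 ipsec-isakmp
 match address 150
interface FastEthernet0/1
interface Virtual-Template4 type tunnel
 tunnel protection ipsec profile SDM_Profile1
ip local pool SDM_POOL_1 192.168.50.1 192.168.50.10
access-list 150 permit ip any any log
"""

# (object kind, pattern that defines it, pattern that references it)
CHECKS = [
    ("aaa list", r"^aaa (?:authentication login|authorization network) (\S+)", r"^ +(?:client authentication|isakmp authorization) list (\S+)"),
    ("isakmp group", r"^crypto isakmp client configuration group (\S+)", r"^ +match identity group (\S+)"),
    ("address pool", r"^ip local pool (\S+)", r"^ +pool (\S+)"),
    ("virtual-template", r"^interface Virtual-Template(\d+)", r"^ +virtual-template (\d+)"),
    ("transform-set", r"^crypto ipsec transform-set (\S+)", r"^ +set transform-set (\S+)"),
    ("isakmp profile", r"^crypto isakmp profile (\S+)", r"^ +set isakmp-profile (\S+)"),
    ("ipsec profile", r"^crypto ipsec profile (\S+)", r"^ +tunnel protection ipsec profile (\S+)"),
    ("access-list", r"^access-list (\d+)", r"^ +match address (\S+)"),
]

def names(pattern, text):
    return set(re.findall(pattern, text, re.M))

def audit(text):
    findings = [f"{kind} '{n}' is referenced but not defined"
                for kind, d, r in CHECKS for n in sorted(names(r, text) - names(d, text))]
    unapplied = names(r"^crypto map (\S+) \d+", text) - names(r"^ +crypto map (\S+) *$", text)
    findings += [f"crypto map '{n}' is defined but not applied to an interface" for n in sorted(unapplied)]
    if not names(r"^ +ip access-group \S+ in", text):
        findings.append("no inbound ip access-group on any interface")
    return findings

print("\n".join(audit(CONFIG)))
```

On the excerpt it reports that crypto map VPN is never applied to an interface and that no interface has an inbound ACL; the thread does not record what resolved the connection failure.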
