[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cisco VPN and Network resources

Posted on 2009-02-14
7
Medium Priority
?
615 Views
Last Modified: 2012-05-06
OK, now for a third question...
I've used my Cisco 871W (all in one device) to set up a VPN...I'm able to browse the internet and I can access the networks websites (remote web and outlook web access), but I cant see the network's computers when I go to "my network places" , I cant use Outlook to connect to the exchange server and I cant print to any of the network printers whi[le connected to the VPN...
Does anyone have any ideas on how I can set this up Or is it even possible?
0
Comment
Question by:flyinace2
  • 3
  • 2
  • 2
7 Comments
 
LVL 4

Expert Comment

by:leibinusa
ID: 23643058
Did you setup DNS server for your vpn client?
0
 

Author Comment

by:flyinace2
ID: 23643077
I'm a little confused by what you are asking... While connected to the VPN, the primary DNS is the small business sever...Is there something else that needs to be setup?
0
 
LVL 4

Expert Comment

by:leibinusa
ID: 23643409
So you setup internal dns server as VPN client dns server. Can you ping those network resource by dns name?
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 79

Expert Comment

by:lrmoore
ID: 23643424
Can you post your 871W config?
0
 

Author Comment

by:flyinace2
ID: 23643509
leibenusa--- I still am a little confused but I think the answer is Yes... when i do an NSLOOKUP for things link RWW and OWA it is a local IP and I can log on. The main thing I cant see is all the comuters and shared folders when i go to "my network places" and I also tried to setup outlook to log onto the exchange server but it did not work...

Any ideas?
!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname wac871
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
enable secret 5 $1$AUsZ$e2HbtcerGBiSlb2fRiOBu/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authorization exec default local 
aaa authorization network sdm_vpn_group_ml_1 local 
aaa authorization network sdm_vpn_group_ml_2 local 
aaa authorization network sdm_vpn_group_ml_3 local 
aaa authorization network sdm_vpn_group_ml_4 local 
!
!
aaa session-id common
clock timezone Arizona -7
!
crypto pki trustpoint TP-self-signed-1456394651
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1456394651
 revocation-check none
 rsakeypair TP-self-signed-1456394651
!
!
crypto pki certificate chain TP-self-signed-1456394651
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31343536 33393436 3531301E 170D3038 31323039 30343335 
  34375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34353633 
  39343635 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100A130 D70DF06A 48435E92 F26FAC7B EBB985E0 FAB5C8B8 AF8BD3C8 84B83B53 
  AE59D355 4469F267 7E486F0E 7BE82175 2C59E1CB 652157A6 A9FF8679 5066AE60 
  F946A201 DD875B1D 652635A5 A46A1D47 968C623E AB70D087 EF485DCE 2498E4AF 
  6B04A010 4F2BF4A6 30DF1DA7 4584F7D1 FA48B79E A706A67C 21D7B596 BC7B45DE 
  0CEF0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603 
  551D1104 17301582 13776163 3837312E 7761636C 616E2E6C 6F63616C 301F0603 
  551D2304 18301680 146653A6 CB0C6546 62270617 B19A80AA 3C9777FE ED301D06 
  03551D0E 04160414 6653A6CB 0C654662 270617B1 9A80AA3C 9777FEED 300D0609 
  2A864886 F70D0101 04050003 8181006F BC50028B 0A68A0D2 FD182CD7 4DD6614B 
  D4FC3ECA 47780C77 260738D9 F75FC90B 24DAE3A8 61EA9A07 DA5005C8 47FCD035 
  C6FA7388 72CCF739 89EF2159 9070A98E 007C7C9E 9620E223 737821A0 233A02C7 
  0BC748D3 FBE4E2CD A6788F35 61452592 DAAC4C1C EBD567C8 D148E031 B937F7D3 
  15E20C12 5ADD6480 4D0B5C00 B3A871
  	quit
dot11 syslog
!
dot11 ssid wac2
   authentication open 
!
no ip source-route
ip cef
!
!
ip port-map user-protocol--2 port tcp 987
ip port-map user-protocol--3 port tcp 3389
ip port-map user-protocol--1 port udp 21
no ip bootp server
ip domain name waclan.local
ip name-server 192.168.1.1
!
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com
 
parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com
 
parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com
 
parameter-map type regex sdm-regex-nonascii
 pattern [^\x00-\x80]
 
!
!
username FAYBB privilege 15 secret 5 XXXXXXX
username CRDEA secret 5 ZZZZZ
username ADFBVF secret 5 XXXXXXXX.
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group wacvpngroup
 key XXXX
 dns 192.168.1.2 68.105.28.11
 wins 192.168.1.2
 pool SDM_POOL_1
 include-local-lan
 max-users 5
!
crypto isakmp client configuration group WACVPN2
 key XXXX
 dns 192.168.1.2
 pool SDM_POOL_2
 acl 115
 max-users 5
 netmask 255.255.255.0
!
crypto isakmp client configuration browser-proxy Proxytest
 proxy auto-detect
crypto isakmp profile sdm-ike-profile-1
   match identity group wacvpngroup
   client authentication list sdm_vpn_xauth_ml_1
   isakmp authorization list sdm_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
crypto isakmp profile sdm-ike-profile-2
   match identity group WACVPN2
   client authentication list sdm_vpn_xauth_ml_2
   isakmp authorization list sdm_vpn_group_ml_2
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
!
crypto ipsec profile SDM_Profile1
 set security-association idle-time 1800
 set transform-set ESP-3DES-SHA 
 set isakmp-profile sdm-ike-profile-1
!
crypto ipsec profile SDM_Profile2
 set transform-set ESP-3DES-SHA 
 set isakmp-profile sdm-ike-profile-2
!
!
crypto ctcp port 10000 
archive
 log config
  hidekeys
!
!
!
class-map type inspect smtp match-any sdm-app-smtp
 match  data-length gt 5000000
class-map type inspect match-all sdm-nat-user-protocol--3-1
 match access-group 111
 match protocol user-protocol--3
class-map type inspect match-any tp
 match protocol smtp
 match protocol imap
 match protocol imap3
 match protocol pop3
 match protocol pop3s
 match protocol imaps
class-map type inspect match-all sdm-nat-http-1
 match access-group 102
 match protocol http
class-map type inspect match-all sdm-nat-user-protocol--2-1
 match access-group 106
 match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-2
 match access-group 114
 match protocol user-protocol--1
class-map type inspect http match-any sdm-app-nonascii
 match  req-resp header regex sdm-regex-nonascii
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 103
class-map type inspect match-all sdm-nat-http-2
 match access-group 113
 match protocol http
class-map type inspect match-all sdm-nat-smtp-1
 match access-group 104
 match protocol smtp
class-map type inspect match-all sdm-nat-imap-1
 match access-group 109
 match protocol imap
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect imap match-any sdm-app-imap
 match  invalid-command
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol dns
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any sdm-service-sdm-pol-NATOutsideToInside-1
 match protocol user-protocol--1
 match protocol ftp
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect match-any ht
 match protocol http
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-all sdm-protocol-pop3
 match protocol pop3
class-map type inspect match-all sdm-nat-pop3s-1
 match access-group 108
 match protocol pop3s
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-cls-sdm-inspect-2
 match class-map tp
 match access-group name Smtp
class-map type inspect match-any sdm-cls-protocol-im
 match protocol ymsgr yahoo-servers
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
class-map type inspect match-any Yahoo
 match protocol http
class-map type inspect match-all sdm-cls-sdm-inspect-1
 match class-map Yahoo
 match access-group name Yahoo
class-map type inspect match-all sdm-nat-pop3-1
 match access-group 107
 match protocol pop3
class-map type inspect pop3 match-any sdm-app-pop3
 match  invalid-command
class-map type inspect http match-any sdm-http-blockparam
 match  request port-misuse im
 match  request port-misuse p2p
 match  request port-misuse tunneling
 match  req-resp protocol-violation
class-map type inspect match-all sdm-protocol-im
 match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-invalid-src
 match access-group 100
 match class-map ht
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect http match-any sdm-app-httpmethods
 match  request method bcopy
 match  request method bdelete
 match  request method bmove
 match  request method bpropfind
 match  request method bproppatch
 match  request method connect
 match  request method copy
 match  request method delete
 match  request method edit
 match  request method getattribute
 match  request method getattributenames
 match  request method getproperties
 match  request method index
 match  request method lock
 match  request method mkcol
 match  request method mkdir
 match  request method move
 match  request method notify
 match  request method options
 match  request method poll
 match  request method post
 match  request method propfind
 match  request method proppatch
 match  request method put
 match  request method revadd
 match  request method revlabel
 match  request method revlog
 match  request method revnum
 match  request method save
 match  request method search
 match  request method setattribute
 match  request method startrev
 match  request method stoprev
 match  request method subscribe
 match  request method trace
 match  request method unedit
 match  request method unlock
 match  request method unsubscribe
class-map type inspect match-all sdm-protocol-http
 match protocol http
class-map type inspect match-all sdm-nat-https-1
 match access-group 105
 match protocol https
class-map type inspect match-all sdm-protocol-smtp
 match protocol smtp
class-map type inspect match-all sdm-protocol-imap
 match protocol imap
class-map type inspect match-all sdm-nat-imaps-1
 match access-group 110
 match protocol imaps
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-http-1
  inspect
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-https-1
  inspect
 class type inspect sdm-nat-user-protocol--2-1
  inspect
 class type inspect sdm-nat-pop3-1
  inspect
 class type inspect sdm-nat-pop3s-1
  inspect
 class type inspect sdm-nat-imap-1
  inspect
 class type inspect sdm-nat-imaps-1
  inspect
 class type inspect sdm-nat-user-protocol--3-1
  inspect
 class type inspect sdm-nat-http-2
  inspect
 class type inspect sdm-nat-user-protocol--1-2
  inspect
 class class-default
  drop log
policy-map type inspect http sdm-action-app-http
 class type inspect http sdm-http-blockparam
  log
  reset
 class type inspect http sdm-app-httpmethods
  log
  reset
 class type inspect http sdm-app-nonascii
  log
  reset
 class class-default
policy-map type inspect smtp sdm-action-smtp
 class type inspect smtp sdm-app-smtp
  reset
 class class-default
policy-map type inspect imap sdm-action-imap
 class type inspect imap sdm-app-imap
  log
  reset
 class class-default
policy-map type inspect pop3 sdm-action-pop3
 class type inspect pop3 sdm-app-pop3
  log
  reset
 class class-default
policy-map type inspect sdm-inspect
 class type inspect sdm-cls-sdm-inspect-2
  inspect
 class type inspect sdm-cls-sdm-inspect-1
  inspect
 class type inspect sdm-protocol-http
  inspect
  service-policy http sdm-action-app-http
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-protocol-smtp
  inspect
  service-policy smtp sdm-action-smtp
 class type inspect sdm-protocol-imap
  inspect
  service-policy imap sdm-action-imap
 class type inspect sdm-protocol-pop3
  inspect
  service-policy pop3 sdm-action-pop3
 class type inspect sdm-protocol-im
  inspect
 class type inspect sdm-insp-traffic
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default
  drop log
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class class-default
  inspect
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 98.190.138.132 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered BVI1
 ip nat inside
 ip virtual-reassembly
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet4
 ip nat inside
 ip virtual-reassembly
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile2
!
interface Dot11Radio0
 no ip address
 !
 encryption key 1 size 40bit 0 0E851FC13C transmit-key
 encryption mode ciphers wep40 
 !
 ssid wac2
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.3.20 192.168.3.30
ip local pool SDM_POOL_2 192.168.2.40 192.168.2.50
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 98.190.138.129
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet4 80
ip nat inside source static udp 192.168.1.150 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.1.2 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.2 987 interface FastEthernet4 987
ip nat inside source static tcp 192.168.1.2 110 interface FastEthernet4 110
ip nat inside source static tcp 192.168.1.2 995 interface FastEthernet4 995
ip nat inside source static tcp 192.168.1.2 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.1.2 993 interface FastEthernet4 993
ip nat inside source static tcp 192.168.1.49 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.1.150 21 interface FastEthernet4 21
ip nat inside source list vpntoNet2 interface FastEthernet4 overload
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended Smtp
 remark SDM_ACL Category=128
 permit ip any any
ip access-list extended Yahoo
 remark SDM_ACL Category=128
 permit ip any any
ip access-list extended vpntoNet
 remark vpn to net
 remark SDM_ACL Category=2
 remark vpn to netr
 permit tcp 192.168.3.0 0.0.0.255 host 98.190.138.132
ip access-list extended vpntoNet2
 remark VPNtoNet
 remark SDM_ACL Category=2
 permit tcp 192.168.3.0 0.0.0.255 any
!
logging trap debugging
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 98.190.138.128 0.0.0.15 any
access-list 101 remark SDM_ACL Category=2
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.1.2
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.1.150
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.1.2
access-list 105 remark SDM_ACL Category=0
access-list 105 permit ip any host 192.168.1.2
access-list 106 remark SDM_ACL Category=0
access-list 106 permit ip any host 192.168.1.2
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.168.1.2
access-list 108 remark SDM_ACL Category=0
access-list 108 permit ip any host 192.168.1.2
access-list 109 remark SDM_ACL Category=0
access-list 109 permit ip any host 192.168.1.2
access-list 110 remark SDM_ACL Category=0
access-list 110 permit ip any host 192.168.1.2
access-list 111 remark SDM_ACL Category=0
access-list 111 permit ip any host 192.168.1.49
access-list 112 remark SDM_ACL Category=4
access-list 112 permit ip 192.168.1.0 0.0.0.255 any log
access-list 112 permit tcp 192.168.3.0 0.0.0.255 any
access-list 113 remark SDM_ACL Category=0
access-list 113 permit ip any host 192.168.1.2
access-list 114 remark SDM_ACL Category=0
access-list 114 permit ip any host 192.168.1.150
access-list 115 remark SDM_ACL Category=4
access-list 115 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device. 
This feature requires the one-time use of the username "cisco" 
with the password "cisco". The default username and password have a privilege level of 15.
 
Please change these publicly known initial credentials using SDM or the IOS CLI. 
Here are the Cisco IOS commands.
 
username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco
 
Replace <myuser> and <mypassword> with the username and password you want to use. 
 
For more information about SDM please follow the instructions in the QUICK START 
GUIDE for your router or go to http://www.cisco.com/go/sdm 
-----------------------------------------------------------------------
 
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Open in new window

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 23644750
>The main thing I cant see is all the comuters and shared folders when i go to "my network places"
This is a Microsoft issue with NetBIOS and not a problem with the VPN configuration.

>wins 192.168.1.2
You set the wins server IP for one group but not the other group. Which group are you using? WINS is the key to NetBIOS issues. Else just add a LMHOSTS entry for the domain and the domain controller.

>ip nat inside source list 101 interface FastEthernet4 overload
ACL 101 should look like this so that traffic between inside and VPN pool is not natted:
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any

BTW, this zone security stuff is difficult at best to set up. You almost have to use the configuration tool to get it half way right. Give me a PIX or ASA any day and let the routers just do the routing.
0
 

Author Closing Comment

by:flyinace2
ID: 31547011
I appreciate the additional information!
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question