mark_06 asked:
Configure Cisco 837 VPN with VPN Client

Hi,

I am currently trying to configure a VPN between the Cisco VPN client and my Cisco 837 security router. I can successfully establish a connection: the VPN client says it's connected and I get an IP address from the 837's LAN on my computer. However, I cannot communicate between my computer and the remote LAN, so I can't even ping a device on the remote LAN or the 837 itself. It seems that there is no routing taking place, but I cannot work it out.

I have attached a show run (with passwords etc. removed).

I was wondering if anyone here had any idea?

Thanks

Mark

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 xxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login clientauth local
aaa authorization network groupauthor local
!
aaa session-id common
!
!
!
!
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
username user1 password 7 xxxxxxxxxxx
username user2 privilege 15 password xxxxxxxx
!
class-map match-any VoIP
 match access-group 130
!
!
policy-map VoIP-QoS
 class VoIP
  priority percent 65
  set dscp ef
 class class-default
  fair-queue
!
!
crypto keyring spokes
  pre-shared-key address 0.0.0.0 0.0.0.0 key abcdefg1234567
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group testgroup
 key abcdefg1234567
 dns 192.168.1.1
 wins 192.168.1.1
 domain mine.local
 pool ippool
crypto isakmp profile VPNclient
   description VPN clients profile
   match identity group testgroup
   client authentication list clientauth
   isakmp authorization list groupauthor
   client configuration address respond
crypto isakmp profile L2L
   description LAN-to-LAN for spoke router(s) connection
   keyring spokes
   match identity address 0.0.0.0
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 5
 set transform-set myset
 set isakmp-profile VPNclient
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile L2L
!
!
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Loopback2
 ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0
 ip address 192.168.4.254 255.255.255.0
 ip access-group 122 out
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip policy route-map nonat
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.3 point-to-point
 description DSL
 no snmp trap link-status
 pvc 8/35
  ubr 384
  encapsulation aal5mux ppp dialer
  dialer pool-member 3
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer3
 description ISP Dialer
 bandwidth 384
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 3
 no cdp enable
 ppp authentication pap callin
 ppp chap refuse
 ppp pap sent-username xxx@xxx.xxx password xxxxxxxxxxxx
 crypto map mymap
!
interface Dialer1
 no ip address
!
ip local pool ippool 192.168.4.193 192.168.4.222
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer3
ip route 192.168.1.0 255.255.255.0 192.168.4.2
ip route 192.168.2.0 255.255.255.0 192.168.4.2
ip route 192.168.3.0 255.255.255.0 192.168.4.2
!
ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer3 overload
!
no access-list 100 deny   ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
no access-list 100 permit ip 192.168.4.0 0.0.0.255 any
no access-list 111 permit tcp any any eq telnet
no access-list 111 permit icmp any any administratively-prohibited
no access-list 111 permit icmp any any echo
no access-list 111 permit icmp any any echo-reply
no access-list 111 permit icmp any any packet-too-big
no access-list 111 permit icmp any any time-exceeded
no access-list 111 permit icmp any any traceroute
no access-list 111 permit icmp any any unreachable
no access-list 111 permit udp any eq bootps any eq bootpc
no access-list 111 permit udp any eq bootps any eq bootps
no access-list 111 permit udp any eq domain any
no access-list 111 permit esp any any
no access-list 111 permit udp any any eq isakmp
no access-list 111 permit udp any any eq 10000
no access-list 111 permit tcp any any eq 1723
no access-list 111 permit tcp any any eq 139
no access-list 111 permit udp any any eq netbios-ns
no access-list 111 permit udp any any eq netbios-dgm
no access-list 111 permit gre any any
no access-list 111 deny   ip any any
no access-list 112 permit ip 192.168.32.0 0.0.0.255 192.168.1.0 0.0.0.255
no access-list 114 permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
no access-list 122 deny   tcp any any eq telnet
no access-list 122 permit ip any any
no access-list 130 permit ip host 192.168.32.120 any
no access-list 152 permit ip 192.168.32.0 0.0.0.255 192.168.1.0 0.0.0.255
no dialer-list 1 protocol ip permit
!
route-map nonat permit 10
 match ip address 152
 set ip next-hop 1.1.1.2
!
!
!
control-plane
!
!
line con 0
 password xxxxxxx
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 4
 exec-timeout 120 0
 password xxxxxxxx
 length 0
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

Ilir Mitrushi:

Try adding reverse-route to your crypto dynamic-map dynmap 5. This will inject a static route in the routing table pointing through the tunnel.

mark_06 (asker):

Adding that now gives me access to the 192.168.1.0/24 network; however, I cannot ping an address on the 192.168.4.0/24 subnet. When I do, it responds with a reply from the WAN IP of the 837.

In order to exempt from NAT the traffic coming from the 192.168.4.0/24 range directed to your VPN pool, you need to add a deny statement to ACL 100:
access-list 100 deny ip 192.168.4.192 0.0.0.31
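A small Python model of why the reply comes back from the WAN address, added here as an illustration and not part of the thread: it evaluates ACL 100 first-match with Cisco wildcard masks for a LAN host talking to a VPN-pool address, before and after the NAT-exemption deny. The full deny line used below (LAN source 192.168.4.0 0.0.0.255, pool destination 192.168.4.192 0.0.0.31, which covers 192.168.4.193-222) is my assumed form of the fix, not the exact line from the answer.

```python
import ipaddress

# Added illustration of Cisco NAT ACL matching; not code from the thread.

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: bits set to 1 in the wildcard are don't-care."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return (a & care) == (b & care)

def _addr_spec(tok, i):
    """Consume one address spec at tok[i]; return (base, wildcard, next index)."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2

def parse_acl(lines):
    """Parse extended 'access-list N {permit|deny} ip SRC DST' entries only."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        src, swc, i = _addr_spec(tok, 4)
        dst, dwc, _ = _addr_spec(tok, i)
        entries.append((tok[2] == "permit", src, swc, dst, dwc))
    return entries

def acl_permits(entries, src, dst):
    """First matching entry wins; an implicit deny sits at the end."""
    for permit, s, swc, d, dwc in entries:
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return permit
    return False

def will_be_natted(acl_lines, src, dst):
    """'ip nat inside source list 100 ...' translates exactly what ACL 100 permits."""
    return acl_permits(parse_acl(acl_lines), src, dst)

# ACL 100 as posted (the 'no' prefixes stripped), then the assumed corrected form.
ORIGINAL_ACL = [
    "access-list 100 deny   ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255",
    "access-list 100 permit ip 192.168.4.0 0.0.0.255 any",
]
FIXED_ACL = ["access-list 100 deny   ip 192.168.4.0 0.0.0.255 192.168.4.192 0.0.0.31"] + ORIGINAL_ACL

if __name__ == "__main__":
    lan_host, vpn_client = "192.168.4.10", "192.168.4.200"   # constructed sample flow
    print("original ACL NATs LAN->pool reply:", will_be_natted(ORIGINAL_ACL, lan_host, vpn_client))
    print("fixed ACL NATs LAN->pool reply:   ", will_be_natted(FIXED_ACL, lan_host, vpn_client))
```

With the original ACL the LAN host's reply toward the pool address matches the permit and is translated to the Dialer3 address, which is the symptom described; with the deny in front it is exempt, while Internet-bound traffic is still translated.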
ASKER CERTIFIED SOLUTION (Ilir Mitrushi)