Cisco VPN, Site to Site and Remote access problem

occs07
1. I have set up a remote access VPN and it works great. The only problem I am having is that when I connect my laptop to the VPN I am unable to browse the internet.

2. On the same router I have also set up DMVPN. When I try to establish a connection from another router it won't connect. I have attached the debug information for ISAKMP and IPsec.

I have also attached my router config. If someone could please help, thank you so much.
debug.txt
router-config.txt

Commented:
Hi

Change this ACL from:

access-list 105 remark NAT Traffic to Internet
access-list 105 deny   ip 172.100.0.0 0.0.255.255 192.168.10.0 0.0.0.255
access-list 105 permit ip 172.100.0.0 0.0.255.255 any

to:

access-list 105 remark NAT Traffic to Internet
access-list 105 permit ip 172.100.0.0 0.0.255.255 any

Then try now.
Istvan Kalmar, Head of IT Security Division
Top Expert 2010

Commented:
After that, please clear the xlate table:

clear xlate
Istvan Kalmar, Head of IT Security Division
Top Expert 2010

Commented:
Sorry:

clear ip nat trans *

Author

Commented:
Will this solve both of my problems?

Author

Commented:
I tried changing acl 105 but when I did I was not able to access any of my network resources. Although I was able to ping the gateways of all vlans held on the router. I also cleared ip trans *, but had no luck.

Author

Commented:
Any update?

Commented:
What's your LAN that you need to reach?

Try changing this ACL:

access-list 101 permit ip any any
access-list 102 remark VPN_Client_Split_tunnel_Networks_to_Encrypt
access-list 102 permit ip 172.100.10.0 0.0.0.255 any
access-list 102 deny   ip any any

to:

access-list 101 permit ip any any
access-list 102 remark VPN_Client_Split_tunnel_Networks_to_Encrypt
access-list 102 permit ip 172.100.0.0 0.0.255.255 any
access-list 102 deny   ip any any


Author

Commented:
I'll try that out and get back to you. Thank you so much.

Author

Commented:
The problem I am having now is that when I try to access my network server it won't allow me, although I can ping it. I go to Start - Run - and enter \\172.100.10.253.

Any ideas?

Author

Commented:
I am able to access the internet when I change ACL 105 to the following:

access-list 105 remark NAT Traffic to Internet
access-list 105 permit ip 172.100.0.0 0.0.255.255 any

I also updated ACL 102. I noticed a check box in the Cisco VPN client software that is labeled "Allow local LAN access". When I check that and connect to the VPN it allows me to browse the internet, but I am unable to ping or access any network resources such as my PC using RDP, or my server 172.100.10.253.

Any ideas?

Author

Commented:
I figured it out; it was with the ACLs. I ended up killing all of them and doing the following:

access-list 100 deny   ip 172.100.0.0 0.0.255.255 192.168.10.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip 172.100.0.0 0.0.255.255 192.168.10.0 0.0.0.255

Once I did this it worked like a charm. I am sure your above statement would work as well. I just don't have time to dink with it anymore. Thank you very much for your help. I will accept your above statement as the solution.
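
Added example, not part of the thread or of anyone's posted code: a first-match evaluator for IOS extended ACLs with wildcard masks, run over the three NAT ACL variants posted above to show which flows each one would translate. It assumes that 192.168.10.0/24 is the VPN client pool and that the final ACL 100 is the one NAT references (the thread shows neither); the client and internet addresses are constructed.

```python
import ipaddress

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((addr, wildcard), rest)."""
    ip = lambda s: int(ipaddress.IPv4Address(s))
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (ip(tok[1]), 0), tok[2:]
    return (ip(tok[0]), ip(tok[1])), tok[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines; remarks are skipped."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        src, rest = take_addr(tok[4:])   # tok[3] is the protocol keyword ('ip')
        dst, _ = take_addr(rest)
        rules.append((tok[2], src, dst))
    return rules

def hit(spec, ip):
    """Wildcard match: bits set in the wildcard mask are 'don't care'."""
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def decide(rules, src, dst):
    """First matching line wins; every ACL ends with an implicit deny."""
    for action, s, d in rules:
        if hit(s, src) and hit(d, dst):
            return action
    return "deny"

ACLS = {  # ACL text copied from the posts above
    "105 original": """access-list 105 deny   ip 172.100.0.0 0.0.255.255 192.168.10.0 0.0.0.255
access-list 105 permit ip 172.100.0.0 0.0.255.255 any""",
    "105 suggested": "access-list 105 permit ip 172.100.0.0 0.0.255.255 any",
    "100 final": """access-list 100 deny   ip 172.100.0.0 0.0.255.255 192.168.10.0 0.0.0.255
access-list 100 permit ip any any""",
}
# SERVER is from the thread; VPN_CLIENT and INTERNET are constructed sample addresses.
SERVER, VPN_CLIENT, INTERNET = "172.100.10.253", "192.168.10.5", "203.0.113.10"

def nat_report():
    """In a NAT ACL, 'permit' means translate and 'deny' means leave untranslated."""
    return {name: {d: decide(parse_acl(t), SERVER, d) for d in (VPN_CLIENT, INTERNET)}
            for name, t in ACLS.items()}
```

Under those assumptions, only the two-line "105 suggested" variant returns `permit` for server-to-client traffic, meaning replies from the LAN to VPN clients would be translated instead of being sent into the tunnel unchanged.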
