Cisco VPN Client + Cisco 851 Router

Last Modified: 2012-08-13
I've just finished configuring VPN on my Cisco 851 Router. I'm able to connect from a remote location using the Cisco VPN Client to my router, and I am also getting an IP from my VPN IP pool (192.168.25.x/24). After connecting, I'm unable to ping or connect to any resources and computers on my local LAN (192.168.168.x/24).

Can anyone tell me what I am doing wrong, based on my configuration file below?



Current configuration : 4414 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname myrouter
enable secret 5 $1$pds/$$1$v5OP$mPuiEQn8UL
aaa new-model
aaa authentication login remoteusers local
aaa authorization network remotegroup local
aaa session-id common
crypto pki trustpoint TP-self-signed-3646643101
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3646643101
 revocation-check none
 rsakeypair TP-self-signed-3646643101
crypto pki certificate chain TP-self-signed-3646643101
 certificate self-signed 01

dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp pool my-pool
   import all
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name my.domain.com
ip name-server
ip name-server
vtp mode transparent
username radmin privilege 15 secret 5 $$$$$$$$$$$$jkjaksjfas
username ruser1 password 0 password1
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local dynpool
crypto isakmp client configuration group remotegroup
 key myvpnkey
 domain my.domain.com
 pool dynpool
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
crypto dynamic-map dynmap 1
 set transform-set transform-1
crypto map dynmap client authentication list remoteusers
crypto map dynmap isakmp authorization list remotegroup
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
 log config
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
 ip address
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 crypto map dynmap
interface Vlan1
 ip address
 ip nat inside
 ip virtual-reassembly
ip local pool dynpool
ip forward-protocol nd
ip route
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface FastEthernet4 overload
logging trap debugging
no cdp run
route-map nonat permit 10
 match ip address 110
line con 0
 no modem enable
line aux 0
line vty 0 4
scheduler max-task-time 5000
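
The configuration above sends NAT through route-map nonat, which matches ACL 110, yet no access-list 110 line appears in the post. As an added example (not part of the original question or its answer), this Python check traces that chain and reports whether LAN-to-VPN-pool traffic would be translated. The ACL entries in WITH_ACL are hypothetical, and only numbered `access-list ... ip` entries are parsed.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.168.0/24")   # local LAN named in the post
POOL = ipaddress.ip_network("192.168.25.0/24")   # VPN client pool named in the post

# Constructed input: the NAT lines as posted; no 'access-list 110' appears there.
POSTED = """\
ip nat inside source route-map nonat interface FastEthernet4 overload
route-map nonat permit 10
 match ip address 110
"""
# Constructed input: the same lines plus a hypothetical ACL 110 (an assumption).
WITH_ACL = POSTED + """\
access-list 110 deny ip 192.168.168.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 110 permit ip 192.168.168.0 0.0.0.255 any
"""

def _take(tokens):
    """Consume one IOS address spec (any | host A | A wildcard) from a token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    netmask = int(ipaddress.ip_address(tokens.pop(0))) ^ 0xFFFFFFFF
    return ipaddress.ip_network(f"{head}/{ipaddress.ip_address(netmask)}", strict=False)

def nat_acls(config):
    """ACL ids matched by the route-maps that 'ip nat inside source' rules use."""
    acls = []
    for name in re.findall(r"^ip nat inside source route-map (\S+)", config, re.M):
        block = re.search(rf"^route-map {re.escape(name)} permit \d+\n((?: .*\n?)*)",
                          config, re.M)
        if block:
            acls += re.findall(r"^ match ip address (\S+)", block.group(1), re.M)
    return acls

def nat_verdict(config, acl, src=LAN, dst=POOL):
    """'undefined', 'translated' (first match permits) or 'exempt' for src->dst."""
    rules = re.findall(rf"^access-list {re.escape(acl)} (permit|deny) ip (.+)$", config, re.M)
    if not rules:
        return "undefined"
    for action, rest in rules:
        tokens = rest.split()
        src_net, dst_net = _take(tokens), _take(tokens)
        if src.subnet_of(src_net) and dst.subnet_of(dst_net):
            return "translated" if action == "permit" else "exempt"
    return "exempt"  # implicit deny: the route-map does not match, so no NAT
```

A "translated" verdict means replies from LAN hosts to VPN clients would be rewritten by the overload rule before reaching the tunnel; "undefined" means the referenced ACL is not in the configuration being checked.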