We help IT Professionals succeed at work.
Get Started

Easy VPN Set-up on Cisoc 1841

557 Views
Last Modified: 2012-05-11
Can some one please help me with my config? I have set-up the  Easy VPN and my VPN clients are receiving and IP address but  they  cannot ping any devices nor access any of the internal resources (network shares, RDP, application servers, etc.) any help would be highly appreciated.
Here is my config.


Building configuration...

Current configuration : 2068 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
ip name-server 206.191.x.140
ip name-server 10.1.1.3
!
multilink bundle-name authenticated
!
!
!
!
username mike password 0 test

crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp policy 11
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group StorageGroup
 key test
 dns 10.1.1.3 10.1.1.11
 wins 10.1.1.3 10.1.1.11
 domain domain
 pool pool100
 acl SplitTunnel
 save-password
 netmask 255.255.255.0
!
!
crypto ipsec transform-set aessha esp-aes esp-sha-hmac
crypto ipsec transform-set 168sha esp-3des esp-sha-hmac
crypto ipsec transform-set 56md5 esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set aessha
 reverse-route
!
!
crypto map vpnmap client authentication list userauthen
crypto map vpnmap isakmp authorization list StorageGroup
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0/0
 ip address 10.1.1.18 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 173.206.x.11 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map vpnmap
!
interface Serial0/0/0
 no ip address
 shutdown
!
ip local pool pool100 10.1.2.200 10.1.2.240
ip route 0.0.0.0 0.0.0.0 173.206.x.9
!
!
ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/1 overload
!
ip access-list extended SplitTunnel
 permit ip 10.1.1.0 0.0.0.255 any
!
access-list 100 deny   ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
!
!
route-map nonat permit 10
 match ip address VPN-traffic


sh ip route
Gateway of last resort is 173.206.x.9 to network 0.0.0.0

     173.206.0.0/29 is subnetted, 1 subnets
C       173.206.x.8 is directly connected, FastEthernet0/1
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.0/24 is directly connected, FastEthernet0/0
S       10.1.2.200/32 [1/0] via 67.212.13.26
S*   0.0.0.0/0 [1/0] via 173.206.x.9


Router#sh cryp ip sa

interface: FastEthernet0/1
    Crypto map tag: vpnmap, local addr 173.206.x.11

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.2.200/255.255.255.255/0/0)
   current_peer 67.212.13.26 port 61277
     PERMIT, flags={}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 76, #pkts decrypt: 76, #pkts verify: 76
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 173.206.x.11, remote crypto endpt.: 67.212.13.26
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0xBB412AC8(3141610184)

     inbound esp sas:
      spi: 0x39F28194(972194196)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel UDP-Encaps, }
        conn id: 2001, flow_id: FPGA:1, crypto map: vpnmap
        sa timing: remaining key lifetime (k/sec): (4583849/3264)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xBB412AC8(3141610184)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel UDP-Encaps, }
        conn id: 2002, flow_id: FPGA:2, crypto map: vpnmap
        sa timing: remaining key lifetime (k/sec): (4583862/3255)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:



Comment
Watch Question
Network Architect
Commented:
This problem has been solved!
Unlock 1 Answer and 2 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE