We help IT Professionals succeed at work.
Get Started

Easy VPN Set-up on Cisoc 1841

Last Modified: 2012-05-11
Can some one please help me with my config? I have set-up the  Easy VPN and my VPN clients are receiving and IP address but  they  cannot ping any devices nor access any of the internal resources (network shares, RDP, application servers, etc.) any help would be highly appreciated.
Here is my config.

Building configuration...

Current configuration : 2068 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
no aaa new-model
ip cef
ip name-server 206.191.x.140
ip name-server
multilink bundle-name authenticated
username mike password 0 test

crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp policy 11
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group StorageGroup
 key test
 domain domain
 pool pool100
 acl SplitTunnel
crypto ipsec transform-set aessha esp-aes esp-sha-hmac
crypto ipsec transform-set 168sha esp-3des esp-sha-hmac
crypto ipsec transform-set 56md5 esp-des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set aessha
crypto map vpnmap client authentication list userauthen
crypto map vpnmap isakmp authorization list StorageGroup
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
 ip address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
interface FastEthernet0/1
 ip address 173.206.x.11
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map vpnmap
interface Serial0/0/0
 no ip address
ip local pool pool100
ip route 173.206.x.9
ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/1 overload
ip access-list extended SplitTunnel
 permit ip any
access-list 100 deny   ip
access-list 100 permit ip any
route-map nonat permit 10
 match ip address VPN-traffic

sh ip route
Gateway of last resort is 173.206.x.9 to network is subnetted, 1 subnets
C       173.206.x.8 is directly connected, FastEthernet0/1 is variably subnetted, 2 subnets, 2 masks
C is directly connected, FastEthernet0/0
S [1/0] via
S* [1/0] via 173.206.x.9

Router#sh cryp ip sa

interface: FastEthernet0/1
    Crypto map tag: vpnmap, local addr 173.206.x.11

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (
   remote ident (addr/mask/prot/port): (
   current_peer port 61277
     PERMIT, flags={}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 76, #pkts decrypt: 76, #pkts verify: 76
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 173.206.x.11, remote crypto endpt.:
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0xBB412AC8(3141610184)

     inbound esp sas:
      spi: 0x39F28194(972194196)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel UDP-Encaps, }
        conn id: 2001, flow_id: FPGA:1, crypto map: vpnmap
        sa timing: remaining key lifetime (k/sec): (4583849/3264)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xBB412AC8(3141610184)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel UDP-Encaps, }
        conn id: 2002, flow_id: FPGA:2, crypto map: vpnmap
        sa timing: remaining key lifetime (k/sec): (4583862/3255)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

Watch Question
Network Architect
This problem has been solved!
Unlock 1 Answer and 2 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE