Who Me Too'd this topic

Remote access VPN with Cisco Router - Cannot get the Internal LAN.

milon
Level 1
Dear Sir,

I am doing Remote Access VPN through a Cisco router. Before the real deployment, I want to simulate it with GNS3. I need your help to complete the job. Please see the attachment for the scenario, configuration and ping status.

I am getting an IP address when I connect through the VPN client, but I cannot ping the internal LAN, 192.168.1.0. I need your help to solve the issue.

Below are the IP addresses of the devices.

Local PC (connected to Router-2 through MS Loopback):
  IP address: 10.10.10.2, mask: 255.255.255.0

Router-2:
  F0/01 IP address: 10.10.10.1, mask: 255.255.255.0
  F0/0 IP address: 20.20.20.2, mask: 255.255.255.0

Router-1:
  F0/0 IP address: 20.20.20.1, mask: 255.255.255.0
  F0/1 IP address: 192.168.1.1, mask: 255.255.255.0

PC-01:
  F0/1 IP address: 192.168.1.3, mask: 255.255.255.0

I can ping from the local PC to the networks 10.10.10.0 and 20.20.20.0. Please find the attached file for the ping status. So connectivity is OK from my local PC to remote Router 1 and 2.

Through the Cisco remote VPN client, I can get connected to the VPN router R1 (please see the VPN client pic), but I cannot ping the network 192.168.1.0.

I need your help to fix the problem.

Router R2 Configuration:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 ip address 20.20.20.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

Router R1 Configuration:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aaa new-model
!
aaa authentication login USERAUTH local
aaa authorization network NETAUTHORIZE local
!
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username vpnuser password 0 strongpassword
!
ip tcp synwait-time 5
!
crypto keyring vpnclientskey
 pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group remotevpn
 key cisco123
 dns 192.168.1.2
 wins 192.168.1.2
 domain mycompany.com
 pool vpnpool
 acl VPN-ACL
crypto isakmp profile remoteclients
 description remote access vpn clients
 keyring vpnclientskey
 match identity group remotevpn
 client authentication list USERAUTH
 isakmp authorization list NETAUTHORIZE
 client configuration address respond
!
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
!
crypto dynamic-map DYNMAP 10
 set transform-set TRSET
 set isakmp-profile remoteclients
!
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
!
interface FastEthernet0/0
 ip address 20.20.20.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map VPNMAP
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
!
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
!
ip access-list extended NAT-ACL
 deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
 permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
!
end