Hi,

I've got a config I use and so far it's worked without issue.

The config template was created on a 771 router and I'm applying it to a 880 router.

I'm trying to use this router for a home business. It needs to allow internet access into the home LAN and remote access into the home LAN.

This config works on the 771, but does not on the 880.

The problem I'm having I believe is NAT.

When I apply ACL 111 the VPN quits working and I can't SSH to the UNIT's Public IP

Without ACL 111 I can connect to the VPN and SSH.

Without ACL 111 the home LAN can't access the internet.

I appreciate any help and tips.

Here's my config.

HomeGa#sh run

Building configuration...

Current configuration : 4728 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname HomeGa

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

aaa new-model

!

!

aaa authentication login userauthen local

aaa authorization network groupauthor local

!

!

aaa session-id common

!

crypto pki trustpoint TP-self-signed-***********

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-***********

revocation-check none

rsakeypair TP-self-signed-***********

!

!

crypto pki certificate chain TP-self-signed-***********

certificate self-signed 01

        quit

no ip source-route

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.50

!

ip dhcp pool dhcp-pool

   import all

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.1

   lease 8

!

!

no ip cef

no ip domain lookup

ip inspect name SDM_LOW dns

ip inspect name SDM_LOW ftp

ip inspect name SDM_LOW h323

ip inspect name SDM_LOW https

ip inspect name SDM_LOW icmp

ip inspect name SDM_LOW imap

ip inspect name SDM_LOW pop3

ip inspect name SDM_LOW rcmd

ip inspect name SDM_LOW rtsp

ip inspect name SDM_LOW esmtp

ip inspect name SDM_LOW sqlnet

ip inspect name SDM_LOW tftp

ip inspect name SDM_LOW tcp

ip inspect name SDM_LOW udp

ip inspect name SDM_LOW l2tp

!

no ipv6 cef

!

multilink bundle-name authenticated

!

!

username admin privilege 15 secret 5 **********************

!

!

crypto isakmp policy 5

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group ClientVPNPool

key ***********

pool ClientVPNPool

acl 101

!

!

crypto ipsec transform-set myset esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set myset

reverse-route

!

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

archive

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description Internet_WAN

ip address *.*.*.* 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map clientmap

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip local pool ClientVPNPool 192.168.254.1 192.168.254.10

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 *.*.*.*

ip http server

ip http authentication local

ip http secure-server

!

!

ip nat inside source list 111 interface FastEthernet4 overload

!

access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255

access-list 111 deny   ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255

access-list 111 permit ip any any

!

!

!

!

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

privilege level 15

password 7 ************

transport input ssh

!

scheduler max-task-time 5000

end

HomeGa#