Hi all,

I must admit, I'm quite new to Cisco routers, although being more than confortable with Cisco switches.

I've so far configured my Cisco 877 router, so that it connects to our ADSL line using PPPOA, and have successfully configured phase 1 and 2 negotiations between it and our Juniper firewall.

The VPN comes up, I can ping the router from our HO, the router can ping our HO. However; nothing can ping any local kit to the router.

I've tried various configurations of access lists and such to remedy this, to no avail.

Please could you rip apart my below configuration and tell me which bits I have wrong, and which bits are terribly wrong?

FYI: router is hosted at site B, 172.30.44.0 255.255.255.0

Jniper Firewall is hosted at site A (HO) 172.20.0.0 255.255.0.0

Thanks in advance!

W4RegentSt#show run

Building configuration...

Current configuration : 3456 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname W4RegentSt

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 <-scratched->

enable password <-scratched->

!

no aaa new-model

!

!

dot11 syslog

ip source-route

ip dhcp excluded-address 172.30.44.1 172.30.44.10

ip dhcp excluded-address 172.30.44.1 172.30.44.100

!

ip dhcp pool dpool1

   import all

   network 172.30.44.0 255.255.255.0

   subnet prefix-length 24

   default-router 172.30.44.1

   dns-server 172.30.44.1 172.20.0.222 172.20.0.221

   netbios-name-server 172.20.0.221 172.20.0.222

!

!

ip cef

ip domain name gratte.com

ip name-server 8.8.8.8

ip name-server 8.8.4.4

!

!

!

!

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key <-scratched-> address <-HO PUBLIC IP-> no-xauth

!

!

crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac

!

crypto ipsec profile IPSEC-VPN

set transform-set 3DESSHA

!

!

archive

log config

  hidekeys

!

!

!

!

!

interface Tunnel0

description --- IPSec Tunnel to KX ---

ip address 172.30.44.1 255.255.0.0

ip ospf mtu-ignore

load-interval 30

tunnel source Dialer0

tunnel destination <-HO PUBLIC IP->

tunnel mode ipsec ipv4

tunnel protection ipsec profile IPSEC-VPN

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface FastEthernet0

!

interface FastEthernet1

shutdown

!

interface FastEthernet2

shutdown

!

interface FastEthernet3

shutdown

!

interface Vlan1

no ip address

ip nat inside

ip virtual-reassembly

!

interface Dialer0

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp chap hostname <-USERNAME->

ppp chap password 0 <-PASSWORD->

ppp pap sent-username <-USERNAME-> password 0 <-PASSWORD->

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 172.20.0.0 255.255.0.0 Tunnel0

no ip http server

no ip http secure-server

!

ip dns server

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source list 100 interface FastEthernet0 overload

!

!

!

!

snmp-server community public RO

!

control-plane

!

banner motd ^C

You require authorisation to connect to this device.

If you are not authorised to connect to this device please disconnect now.  If

you fail to disconnect we will find you...

^C

!

line con 0

password <-SCRATCHED->

login

no modem enable

line aux 0

line vty 0 4

password <-SCRATCHED->

login

!

scheduler max-task-time 5000

end