cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
289
Views
0
Helpful
2
Replies

Setting up Remote Access IPSEC VPN

hirani89
Beginner
Beginner

Hi,

Here is my config. I am not able to connect to VPN.

Building configuration...


Current configuration : 5979 bytes
!
! Last configuration change at 08:40:03 UTC Sun Apr 18 2021 by root
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RRouter
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip multicast-routing
ip dhcp excluded-address 192.168.10.1 192.168.10.50
ip dhcp excluded-address 192.168.20.1 192.168.20.50
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.10.101 192.168.10.254
ip dhcp excluded-address 192.168.101.1 192.168.101.10
ip dhcp excluded-address 192.168.30.1 192.168.30.50
ip dhcp excluded-address 192.168.40.1 192.168.40.10
!
ip dhcp pool ONE
 network 192.168.1.0 255.255.255.0
 dns-server 192.168.10.1
 default-router 192.168.1.1
!
ip dhcp pool TEN
 network 192.168.10.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.10.1
!
ip dhcp pool TWENTY
 network 192.168.20.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.20.1
!
ip dhcp pool ONEOONE
 network 192.168.101.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.101.1
!
ip dhcp pool THIRTY
 network 192.168.30.0 255.255.255.0
 default-router 192.168.30.1
 dns-server 1.1.1.1 1.0.0.1
!
ip dhcp pool Wifi_Camera
!
ip dhcp pool fourty
 network 192.168.40.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.40.1
!
ip dhcp pool FIFTY
 network 192.168.50.0 255.255.255.0
 default-router 192.168.50.1
 dns-server 1.1.1.1 1.0.0.1
!
ip dhcp pool WIN1
 host 192.168.10.76 255.255.255.0
 client-identifier 01fc.aa14.28be.c0
!
ip dhcp pool HA Server
 host 192.168.10.2 255.255.255.0
 client-identifier 01b8.27eb.8ee9.95
!
!
ip domain name ssmt.local
ip name-server 1.1.1.1
ip name-server 1.0.0.1
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2921/K9 sn FGL171712X4
hw-module pvdm 0/0
!
!
!
username root privilege 15 password 0 password
username user secret 4 GK32328zogUw41aNsnIiZ9irs2rALsySwMouCKQYxus
!
redundancy
!
!
!
!
ip ssh version 2
!
!
crypto isakmp policy 100
 encr aes 256
 authentication pre-share
 group 20
 lifetime 3600
!
crypto isakmp client configuration group GroupVPN
 key groupkey
 pool VPNPool
!
!
crypto ipsec transform-set SetVPN esp-aes esp-sha-hmac
!
crypto dynamic-map DynamicVPN 100
 set transform-set SetVPN
 reverse-route
!
!
crypto map StaticMap client authentication list UserVPN
crypto map StaticMap isakmp authorization list GroupVPN
crypto map StaticMap client configuration address respond
crypto map StaticMap 20 ipsec-isakmp dynamic DynamicVPN
!
!
!
!
!
interface Loopback100
 description hairpin
 ip address 169.254.255.254 255.255.255.255
 ip nat inside
 ip virtual-reassembly in
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.100
 description -Internet-
 encapsulation dot1Q 100
 ip address 123.123.123.123 255.255.255.252
 no ip redirects
 ip nat outside
 ip nat enable
 ip virtual-reassembly in
 crypto map StaticMap
!
interface GigabitEthernet0/1
 no ip address
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.40
 encapsulation dot1Q 40
 ip address 192.168.40.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip address 192.168.101.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1/0
 no ip address
 shutdown
 negotiation auto
!
!
ip local pool VPNPool 192.168.10.20 192.168.10.50
ip default-gateway 123.123.123.122
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat source static tcp 192.168.10.1 22 interface GigabitEthernet0/0.100 10122
ip nat inside source list NAT interface GigabitEthernet0/0.100 overload
ip nat inside source static tcp 192.168.30.3 8000 interface GigabitEthernet0/0.100 18000
ip nat inside source static udp 192.168.30.3 8000 interface GigabitEthernet0/0.100 18000
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.100 27.32.231.217
!
ip access-list standard NAT
 permit 192.168.0.0 0.0.255.255
!
ip access-list extended NatPin
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 192.168.30.0 0.0.0.255 any
!
!
!
!
!
route-map NAT_PBR permit 10
 set interface Loopback100
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 login local
 transport input all
!
scheduler allocate 20000 1000
end

 

2 Replies 2

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello,

 

try and add the lines marked in bold:

 

crypto dynamic-map DynamicVPN 100
set transform-set SetVPN
--> match address 101
reverse-route
!
--> crypto map StaticMap local-address Loopback100
crypto map StaticMap client authentication list UserVPN
crypto map StaticMap isakmp authorization list GroupVPN
crypto map StaticMap client configuration address respond
crypto map StaticMap 20 ipsec-isakmp dynamic DynamicVPN
!
--> access-list 101 permit ip 192.168.10.0 0.0.0.255 any

Hi Georg,

Sorry that didn't work.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers