04-18-2021 02:11 AM
Hi,
Here is my config. I am not able to connect to VPN.
Building configuration...

Current configuration : 5979 bytes
!
! Last configuration change at 08:40:03 UTC Sun Apr 18 2021 by root
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RRouter
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip multicast-routing
ip dhcp excluded-address 192.168.10.1 192.168.10.50
ip dhcp excluded-address 192.168.20.1 192.168.20.50
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.10.101 192.168.10.254
ip dhcp excluded-address 192.168.101.1 192.168.101.10
ip dhcp excluded-address 192.168.30.1 192.168.30.50
ip dhcp excluded-address 192.168.40.1 192.168.40.10
!
ip dhcp pool ONE
 network 192.168.1.0 255.255.255.0
 dns-server 192.168.10.1
 default-router 192.168.1.1
!
ip dhcp pool TEN
 network 192.168.10.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.10.1
!
ip dhcp pool TWENTY
 network 192.168.20.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.20.1
!
ip dhcp pool ONEOONE
 network 192.168.101.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.101.1
!
ip dhcp pool THIRTY
 network 192.168.30.0 255.255.255.0
 default-router 192.168.30.1
 dns-server 1.1.1.1 1.0.0.1
!
ip dhcp pool Wifi_Camera
!
ip dhcp pool fourty
 network 192.168.40.0 255.255.255.0
 dns-server 1.1.1.1 1.0.0.1
 default-router 192.168.40.1
!
ip dhcp pool FIFTY
 network 192.168.50.0 255.255.255.0
 default-router 192.168.50.1
 dns-server 1.1.1.1 1.0.0.1
!
ip dhcp pool WIN1
 host 192.168.10.76 255.255.255.0
 client-identifier 01fc.aa14.28be.c0
!
ip dhcp pool HA Server
 host 192.168.10.2 255.255.255.0
 client-identifier 01b8.27eb.8ee9.95
!
!
ip domain name ssmt.local
ip name-server 1.1.1.1
ip name-server 1.0.0.1
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2921/K9 sn FGL171712X4
hw-module pvdm 0/0
!
!
!
username root privilege 15 password 0 password
username user secret 4 GK32328zogUw41aNsnIiZ9irs2rALsySwMouCKQYxus
!
redundancy
!
!
!
!
ip ssh version 2
!
!
crypto isakmp policy 100
 encr aes 256
 authentication pre-share
 group 20
 lifetime 3600
!
crypto isakmp client configuration group GroupVPN
 key groupkey
 pool VPNPool
!
!
crypto ipsec transform-set SetVPN esp-aes esp-sha-hmac
!
crypto dynamic-map DynamicVPN 100
 set transform-set SetVPN
 reverse-route
!
!
crypto map StaticMap client authentication list UserVPN
crypto map StaticMap isakmp authorization list GroupVPN
crypto map StaticMap client configuration address respond
crypto map StaticMap 20 ipsec-isakmp dynamic DynamicVPN
!
!
!
!
!
interface Loopback100
 description hairpin
 ip address 169.254.255.254 255.255.255.255
 ip nat inside
 ip virtual-reassembly in
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.100
 description -Internet-
 encapsulation dot1Q 100
 ip address 123.123.123.123 255.255.255.252
 no ip redirects
 ip nat outside
 ip nat enable
 ip virtual-reassembly in
 crypto map StaticMap
!
interface GigabitEthernet0/1
 no ip address
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.40
 encapsulation dot1Q 40
 ip address 192.168.40.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip address 192.168.101.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1/0
 no ip address
 shutdown
 negotiation auto
!
!
ip local pool VPNPool 192.168.10.20 192.168.10.50
ip default-gateway 123.123.123.122
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat source static tcp 192.168.10.1 22 interface GigabitEthernet0/0.100 10122
ip nat inside source list NAT interface GigabitEthernet0/0.100 overload
ip nat inside source static tcp 192.168.30.3 8000 interface GigabitEthernet0/0.100 18000
ip nat inside source static udp 192.168.30.3 8000 interface GigabitEthernet0/0.100 18000
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.100 27.32.231.217
!
ip access-list standard NAT
 permit 192.168.0.0 0.0.255.255
!
ip access-list extended NatPin
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 192.168.30.0 0.0.0.255 any
!
!
!
!
!
route-map NAT_PBR permit 10
 set interface Loopback100
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 login local
 transport input all
!
scheduler allocate 20000 1000
end
04-18-2021 08:15 AM
Hello,
try and add the lines marked in bold:
crypto dynamic-map DynamicVPN 100
set transform-set SetVPN
--> match address 101
reverse-route
!
--> crypto map StaticMap local-address Loopback100
crypto map StaticMap client authentication list UserVPN
crypto map StaticMap isakmp authorization list GroupVPN
crypto map StaticMap client configuration address respond
crypto map StaticMap 20 ipsec-isakmp dynamic DynamicVPN
!
--> access-list 101 permit ip 192.168.10.0 0.0.0.255 any
04-19-2021 11:40 PM
Hi Georg,
Sorry that didn't work.
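A reference check for the crypto map chain discussed in this thread, written as an added example (not code from any poster or from Cisco): it flags names that a crypto map, dynamic map or client group refers to but that the configuration never defines, plus type 0 passwords. `RULES` and `audit` are hypothetical names, and the sample is constructed from VPN-related lines of the configuration posted above.

```python
import re

# Constructed sample: VPN-related lines copied from the configuration posted above.
SAMPLE = """\
no aaa new-model
username root privilege 15 password 0 password
crypto isakmp client configuration group GroupVPN
 pool VPNPool
crypto ipsec transform-set SetVPN esp-aes esp-sha-hmac
crypto dynamic-map DynamicVPN 100
 set transform-set SetVPN
 reverse-route
crypto map StaticMap client authentication list UserVPN
crypto map StaticMap isakmp authorization list GroupVPN
crypto map StaticMap 20 ipsec-isakmp dynamic DynamicVPN
ip local pool VPNPool 192.168.10.20 192.168.10.50
"""

# (referencing line, prefixes of the line that defines the captured name, label)
RULES = [
    (r"crypto map \S+ client authentication list (\S+)", ["aaa authentication login {}"], "AAA login list"),
    (r"crypto map \S+ isakmp authorization list (\S+)", ["aaa authorization network {}"], "AAA network list"),
    (r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", ["crypto dynamic-map {}"], "dynamic map"),
    (r"set transform-set (\S+)", ["crypto ipsec transform-set {}"], "transform set"),
    (r"pool (\S+)", ["ip local pool {}"], "address pool"),
    (r"match address (\S+)", ["access-list {}", "ip access-list extended {}"], "ACL"),
]

def audit(config):
    """Return findings for undefined references and cleartext passwords."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    for pattern, prefixes, label in RULES:
        for m in filter(None, (re.fullmatch(pattern, ln) for ln in lines)):
            name = m.group(1)
            wanted = [p.format(name) + " " for p in prefixes]
            if not any((d + " ").startswith(w) for d in lines for w in wanted):
                findings.append(f"{label} '{name}' is referenced but not defined")
            # AAA method lists only exist once the AAA model is switched on.
            if label.startswith("AAA") and "aaa new-model" not in lines:
                findings.append(f"{label} '{name}' needs 'aaa new-model'")
    for ln in lines:
        m = re.match(r"username (\S+) .*\bpassword 0 ", ln)
        if m:
            findings.append(f"user '{m.group(1)}' has a cleartext (type 0) password")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports the `UserVPN` and `GroupVPN` lists, which the crypto map names while the configuration has `no aaa new-model` and no matching `aaa` lines, and the cleartext `root` password.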