VPN Tunnel works, But no traffic is going through

NShukla108

Dear Friends,

I have two industrial modem cum GPRS connections with a Cisco router.

I have a VPN tunnel and it's working.

Problem: no traffic is going through the tunnel. Please have a look at the infra.

Router Configuration:

crypto keyring GPRS
  pre-shared-key address 0.0.0.0 0.0.0.0 key GPRS
 
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
 
crypto isakmp profile GPRS
   keyring GPRS
   match identity address 192.168.1.16 255.255.255.255
   match identity address 192.168.1.25 255.255.255.255
 
crypto ipsec transform-set GPRS esp-aes esp-sha-hmac
mode tunnel
 
crypto dynamic-map VPN-CLIENT 10
set security-association lifetime seconds 28800
set transform-set GPRS
set isakmp-profile GPRS
match address 1
 
 
crypto map VPN 65535 ipsec-isakmp dynamic VPN-CLIENT
 
 
interface Vlan1
ip address 192.168.1.1 255.255.255.240
 
 
interface Dialer0
description ### t mobile ###
ip address negotiated
ip access-group 2 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
ppp authentication chap callin
ppp chap hostname t mobile@vodafome-tel.com
ppp chap password 7 514658
no cdp enable
crypto map VPN
 
ip route 0.0.0.0 0.0.0.0 Dialer0
 
 
access-list 2 permit udp any host 80.140.2.1 eq isakmp
access-list 2 permit esp any host 80.140.2.1
access-list 1 permit ip 192.168.1.0 0.0.0.15 192.168.1.16 0.0.0.7
access-list 1 permit ip 192.168.1.0 0.0.0.15 192.168.1.25 0.0.0.7
dialer-list 1 protocol ip permit
 
Router: sh crypto ipsec sa (as attachment)

Hello,

post the full configuration of the router. I do not see interesting traffic being excluded from NAT, no physical interface bound to the dialer, and no NAT inside interface...

I note that access lists 1 and 2 would be standard access lists but are coded like an extended access list. If this part of the posted config is not right, what else might be misleading?

HTH

Rick

Hello Richard,

Thanks for the reply. My tunnel works and the only problem is traffic going through the tunnel. Please kindly guide me with the CLI command to configure the access list.

Thanks and regards, Anees

Hello,

post the running configuration so we can see what is missing...

Hello,

with your current configuration, you have no Internet access because you do not have any NAT statements configured. When you say that everything is working except for the traffic flowing through the tunnel, what exactly is working?

In your drawing, there are two GPRS connections; the router, however, only has one connection configured.

Either way, at the very least, to get traffic flowing through the tunnel, add the below (in bold) to your configuration:

crypto keyring GPRS
pre-shared-key address 0.0.0.0 0.0.0.0 key GPRS
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp profile GPRS
keyring GPRS
match identity address 192.168.1.16 255.255.255.255
match identity address 192.168.1.25 255.255.255.255
crypto ipsec transform-set GPRS esp-aes esp-sha-hmac
mode tunnel
crypto dynamic-map VPN-CLIENT 10
set security-association lifetime seconds 28800
set transform-set GPRS
set isakmp-profile GPRS
match address 101
crypto map VPN 65535 ipsec-isakmp dynamic VPN-CLIENT
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description ### Internetanschluss ###
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
!
interface Vlan1
ip address 192.168.1.1 255.255.255.240
!
interface Dialer0
description ### t mobile ###
ip address negotiated
ip access-group 2 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 1
ppp authentication chap callin
ppp chap hostname t mobile@vodafome-tel.com
ppp chap password 7 51464458
no cdp enable
crypto map VPN
!
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 2 permit udp any host 80.140.2.1 eq isakmp
access-list 2 permit esp any host 80.140.2.1
access-list 101 permit ip 192.168.1.0 0.0.0.15 192.168.1.16 0.0.0.7
access-list 101 permit ip 192.168.1.0 0.0.0.15 192.168.1.25 0.0.0.7
dialer-list 1 protocol ip permit
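
The ACL numbering issue raised in the replies above (numbers 1 and 2 fall in the standard range while their entries use extended syntax, and the crypto ACL is moved to 101) can be checked mechanically. The following Python check is an added example, not part of any poster's reply; the function names and the protocol keyword list are assumptions, and it handles numbered ACLs only.

```python
import re

# Numbered IPv4 ACL ranges on Cisco IOS.
STANDARD = (range(1, 100), range(1300, 2000))
EXTENDED = (range(100, 200), range(2000, 2700))
# First token after permit/deny that is only valid as an extended-ACL protocol field.
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "esp", "ahp", "gre"}

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(?:permit|deny)\s+(\S+)", re.I)
MATCH_RE = re.compile(r"^match\s+address\s+(\d+)\s*$", re.I)

def acl_kind(number):
    """Classify a numbered ACL by the range its number falls in."""
    if any(number in r for r in STANDARD):
        return "standard"
    if any(number in r for r in EXTENDED):
        return "extended"
    return "other"

def lint(config):
    """Return (line number, ACL number, problem) for each mismatch found."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        acl = ACL_RE.match(line)
        ref = MATCH_RE.match(line)
        if acl and acl_kind(int(acl.group(1))) == "standard" \
                and acl.group(2).lower() in PROTOCOLS:
            findings.append((lineno, int(acl.group(1)),
                             "extended-style entry in a standard-range ACL"))
        elif ref and acl_kind(int(ref.group(1))) != "extended":
            findings.append((lineno, int(ref.group(1)),
                             "crypto map entry references a non-extended ACL"))
    return findings

# Excerpts of the two configurations posted in this thread.
ORIGINAL = """\
crypto dynamic-map VPN-CLIENT 10
 match address 1
access-list 2 permit udp any host 80.140.2.1 eq isakmp
access-list 2 permit esp any host 80.140.2.1
access-list 1 permit ip 192.168.1.0 0.0.0.15 192.168.1.16 0.0.0.7
"""
REVISED = ORIGINAL.replace("match address 1", "match address 101") \
                  .replace("access-list 1 ", "access-list 101 ")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        for finding in lint(cfg):
            print(name, *finding)
```

On the revised excerpt the crypto ACL 101 passes, while the two `access-list 2` entries bound to Dialer0 are still reported.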

Hello Georg,

Well, I only have a problem with traffic going through the tunnel; the rest is working!! (as attachment)

The traffic is going through the encrypted VPN tunnel; is it really required to have an extra NAT inside configuration??

Please guide me.

Hello Georg,

Thank you so much for your kind reply. Here is the configuration as well as the network diagram (as attachment). Just for the network topology I used a different pictogram, but in the original I am using Tenny.

Thanks and regards
