
2811 router using ezvpn. Clients can connect and ping, but can not rdp or access the internet.

Audy
Level 1

Building configuration...


Current configuration : 4557 bytes
!
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Office-Router
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa group server radius Radius-server1
server-private 172.27.7.110 key xxxxxx
ip radius source-interface FastEthernet0/1
!
aaa authentication login default group Radius-server1 local
aaa authentication login console group Radius-server1 local
aaa authorization console
aaa authorization exec default group Radius-server1 local
aaa authorization network Radius-server1 local
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip domain name xxxxxxx
ip host xxxxxxxx 172.27.7.110
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
!
redundancy
!
!
ip ssh version 2
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN
key xxxxxxxx
dns 172.27.7.110 8.8.8.8
domain xxxxxxx
acl VPN-ACL
dhcp server 172.27.7.110
max-logins 5
netmask 255.255.255.0
!
!
crypto ipsec transform-set VPN_SET esp-3des esp-md5-hmac
!
crypto dynamic-map VPN-Map 10
set transform-set VPN_SET
reverse-route
!
!
!
crypto map VPN-Map client authentication list Radius-server1
crypto map VPN-Map isakmp authorization list Radius-server1
crypto map VPN-Map client configuration address initiate
crypto map VPN-Map client configuration address respond
crypto map VPN-Map 10 ipsec-isakmp dynamic VPN-Map
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map VPN-Map
!
interface FastEthernet0/1
ip address 172.27.7.101 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface FastEthernet0/0 overload
!
ip access-list extended VPN-ACL
permit ip 172.27.7.0 0.0.0.255 any
ip access-list extended NAT
permit ip 172.27.7.0 0.0.0.255 any
!
!
!
!
!
!
!
radius-server directed-request
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
exec-timeout 20 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 20 0
logging synchronous
monitor
transport input ssh
!
scheduler allocate 20000 1000
end

 

9 Replies

leinad427
Level 1

So I can only assume, based on your statement, that you are able to ping the workstation or server that you are trying to RDP to successfully, and if so, do you have any firewall in place that is preventing port 3389?

If you are able to ping the node you are trying to RDP to, then the issue is not with the VPN/router etc... it has to do with the end device... For example, if you have a server and you're trying to log onto a workstation, do you have a GPO enabled that is preventing RDP, or a firewall on the server, or a firewall device that is preventing it?

Anyway, without more details it is hard to assist you.
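
The symptom discussed in this thread (ping succeeds, TCP services fail) can be narrowed down from the VPN-connected client. The following is an added example, not part of the original thread: a Python probe that separates "refused" (something answered with a reset, so the path works and the end host or a rejecting firewall is closing the port) from "timeout" (the SYN or its reply was dropped on the way). The function names and the loopback demo are constructed for illustration; 3389, 22 and 445 are the standard RDP, SSH and SMB ports.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome.

    open    - handshake completed: path and service are both fine
    refused - RST received: the path works, nothing accepts on that port
    timeout - no answer: the SYN or its reply was dropped somewhere
    error:X - local failure such as EHOSTUNREACH or ENETUNREACH
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()


def probe_services(host, ports=(3389, 22, 445), timeout=3.0):
    """Probe RDP, SSH and SMB (or any given ports) on one host."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def demo_on_loopback():
    """Constructed offline demo: one listening port, one non-listening port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    bound_only = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bound_only.bind(("127.0.0.1", 0))  # bound but never listening -> RST
    open_port = listener.getsockname()[1]
    closed_port = bound_only.getsockname()[1]
    try:
        result = probe_services("127.0.0.1", (open_port, closed_port), 1.0)
        return result, open_port, closed_port
    finally:
        listener.close()
        bound_only.close()


if __name__ == "__main__":
    print(demo_on_loopback())
```

Run `probe_services()` against a LAN host once with the VPN connected and once from inside the LAN; a port that is "open" locally but "timeout" over the tunnel points at the path rather than the end device.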

Hello

I don't see any default route in the configuration you posted.

 

ip route 0.0.0.0 0.0.0.0 fa0/0 dhcp

 

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Okay, Thanks for the replies.

 

So this is on my home network for training purposes. There is no firewall; it's just the 2811 router, which connects to a 3750 switch, and I also have a Server 2016 running AD, DHCP, DNS, NPS. The router with the ezvpn is getting its users from the NPS server and I have given the users I have created domain admin. I can RDP or whatever I want inside my network, but when I connect the VPN it will allow me to ping any device, but I cannot access any shared drives, RDP, SSH or printers on the network.

 

I added the default route, and still no luck

Hello

Apologies, don't quite understand your setup - so you're internal to the network and then you also fire up a VPN? Correct?

 

res
Paul



Sorry, so when I’m connected to another network and when I VPN into my network I can ping any device but I’m unable to RDP or SSH.

Hello

 


@Audy wrote:
Sorry, so when I’m connected to another network and when I VPN into my network I can ping any device but I’m unable to RDP or SSH.

This other network is external to your internal network, correct (i.e. from the internet)?

Can you clarify whether, when you're on your internal network (that is, no VPN), just locally connected, you can RDP, SSH etc. successfully?

res
Paul

 

 



I apologize if I'm phrasing it incorrectly. Yes, when I'm local (with no VPN) I can RDP and SSH.

And yes, the other network is external and in no way connected to the LAN.

Did you ever figure this out? Sorry, had a long work week, wasn't able to check your replies...

Okay, so this is a home lab you've set up and you can access your RDP internally...

How do you have your "Cisco ISR" connected? Every ISP provides a modem or modem/router; do you have one of these? And if so, have you verified that the firewall is not preventing RDP in any way?

What does your setup look like?

ISP > ISP MODEM/ROUTER > CISCO ROUTER > etc.?