11-16-2006 04:43 AM - edited 03-05-2019 12:51 PM
Hi guys,
I would like to seek some advice on my network setup.
pc running vpnclient (10.0.1.2)
|
<internet>
|
(int e0/0 dynamic ip)
Cisco 2611 (NAT and VPN server)
(int e0/1 10.0.0.1/24)
|
<ethernet>
|
server (10.0.0.100/24)
With regards to the following setup, currently from my PC's VPN client, I cannot access my server, though my VPN connection is set up successfully.
Could someone please enlighten me on how to troubleshoot this? Thanks in advance.
Below are the relevant parts of my config:
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group MYGROUP
 key VPNKEY
 domain vpn.xxx.com
 pool vpnpool
 acl vpnpool
!
!
crypto ipsec transform-set ESP-3DES esp-3des esp-sha-hmac
!
crypto dynamic-map CRYPTO_MAP 1
 set security-association lifetime seconds 86400
 set transform-set ESP-3DES
 reverse-route
!
!
crypto map CRYPTO_MAP client authentication list authenList
crypto map CRYPTO_MAP isakmp authorization list authorList
crypto map CRYPTO_MAP client configuration address respond
crypto map CRYPTO_MAP 20 ipsec-isakmp dynamic CRYPTO_MAP
!
!
!
!
interface Ethernet0/0
 ip address dhcp
 ip access-group OUTSIDEACL in
 ip nat outside
 ip inspect FW out
 half-duplex
 no cdp enable
 crypto map CRYPTO_MAP
!
interface Ethernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 full-duplex
 no cdp enable
ip access-list extended OUTSIDEACL
 deny icmp any any
 permit tcp any any eq 22
 permit tcp any any eq 25421
 permit tcp any any eq 8022
 permit tcp any any eq 9022
 permit tcp any any eq 8080
 permit udp any eq isakmp any eq isakmp
 permit esp any any
 deny tcp any any
 permit udp any eq ntp any
 permit udp any eq bootps any
 deny udp any any
 deny ip any any
ip access-list extended vpnpool
 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
11-16-2006 04:47 AM
Hi
You have missed posting the IP pool, and you are also trying to create an IPsec tunnel with dynamic IPs on both sides, which I feel is not a generic thing to do.
Regards
11-17-2006 06:37 AM
Hi kumar, thanks for pointing that out.
Here's the IP pool:
ip local pool vpnpool 10.0.0.103 10.0.0.105
As for dynamic IPs, I think it should be all right because the IP on my router changes very, very infrequently (almost static).
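An added example, not part of any post in this thread: a Python check that compares the address pool posted above with the networks named in the `vpnpool` ACL and the Ethernet0/1 subnet. The function names (`wildcard_net`, `parse`, `check_pool`) are hypothetical, and the config text is copied from the posts.

```python
import ipaddress

# Lines copied from the posts above, indented the way IOS displays them.
CONFIG = """\
ip local pool vpnpool 10.0.0.103 10.0.0.105
interface Ethernet0/1
 ip address 10.0.0.1 255.255.255.0
ip access-list extended vpnpool
 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
"""

def wildcard_net(addr, wildcard):
    """Convert an IOS address/wildcard pair to an ip_network."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect local pools, interface subnets and networks named in extended ACLs."""
    pools, subnets, acl_nets, section = {}, {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if not line.startswith(" "):
            section = None  # an unindented line closes the previous sub-mode
        if w[:3] == ["ip", "local", "pool"] and len(w) == 6:
            pools[w[3]] = (ipaddress.ip_address(w[4]), ipaddress.ip_address(w[5]))
        elif w[0] == "interface":
            section = ("if", w[1])
        elif w[:3] == ["ip", "access-list", "extended"]:
            section = ("acl", w[3])
            acl_nets[w[3]] = set()
        elif section and section[0] == "if" and w[:2] == ["ip", "address"] and len(w) == 4:
            subnets[section[1]] = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
        elif section and section[0] == "acl" and w[:2] == ["permit", "ip"] and len(w) == 6:
            acl_nets[section[1]] |= {wildcard_net(w[2], w[3]), wildcard_net(w[4], w[5])}
    return pools, subnets, acl_nets

def check_pool(config, pool, acl, inside_if):
    """Report where the pool range disagrees with the ACL and the inside subnet."""
    pools, subnets, acl_nets = parse(config)
    (first, last), inside, findings = pools[pool], subnets[inside_if], []
    if first in inside or last in inside:
        findings.append(f"pool {pool} {first}-{last} overlaps {inside_if} subnet {inside}")
    for net in sorted(acl_nets[acl]):
        if net != inside and first not in net and last not in net:
            findings.append(f"ACL {acl} names {net}, which holds no address from pool {pool}")
    return findings
```

Calling `check_pool(CONFIG, "vpnpool", "vpnpool", "Ethernet0/1")` returns two findings for the posted lines. The check only compares addresses; it does not evaluate NAT, routing or the OUTSIDEACL rules.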