cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

555
Views
0
Helpful
0
Replies
Highlighted
Beginner

Cisco 851 VPN keeps disconnecting users

I think I might have a hardware problem with my 851, but I thought I'd double check here. I have an 851 with VPN access and the clients behind the 851 have remote access to them via VNC.  Everything was working up to about a week ago, when I started having the problem. Here's the problem:

When a user connects to the VPN and tries to use VNC to remote into one of the clients  it connects to the client but all they get is a black screen. If they colse VNC, and try to connect again, they are unable to. The only way they can reconnect using VNC is if they diconnect from the VPN and reconnect to it, but then they get a black screen when they try to VNC into the remote computer. I tried rebooting the remote computers, but that didn't help.

The last couple of days I noticed that if I am connected to the VPN I will get disconnected after about 2 minutes. I rebooted the router but that didn't fix the problem either.

Nothing has changed in the config since the router was working. Here is the startup config:

Building configuration...

Current configuration : 3387 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname *Host*

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$ePDD$ijslwDCnljz232ikk30PL/

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login ciscocp_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network ciscocp_vpn_group_ml_1 local

!

!

aaa session-id common

!

!

dot11 syslog

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.0.1 10.10.10.99

ip dhcp excluded-address 10.10.10.201 10.10.255.254

!

ip dhcp pool vlan1

   import all

   network 10.10.0.0 255.255.0.0

   default-router 10.10.10.1

   dns-server 207.229.52.2 205.233.109.40

!

!

ip cef

ip name-server 207.229.52.2

ip name-server 205.233.109.40

!

!

!

username admin privilege 15 password 0 *Password*

username operator privilege 7 secret 5 $1$rHHQ$prD8o7Nc75TKImW5cqMn6.

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key *Password* address 208.38.##.##

!

crypto isakmp client configuration group remote

key 1rr1can

pool SDM_POOL_1

acl 102

max-users 20

netmask 255.255.0.0

crypto isakmp profile ciscocp-ike-profile-1

   match identity group remote

   client authentication list ciscocp_vpn_xauth_ml_1

   isakmp authorization list ciscocp_vpn_group_ml_1

   client configuration address respond

   virtual-template 1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

!

crypto ipsec profile CiscoCP_Profile1

set transform-set ESP-3DES-SHA

set isakmp-profile ciscocp-ike-profile-1

!

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to208.38.##.##

set peer 208.38.##.##

set transform-set ESP-3DES-SHA1

match address 100

!

crypto ctcp port 10000

archive

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $ETH-WAN$$ES_WAN$

ip address 208.38.8.##255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map SDM_CMAP_1

!

interface Virtual-Template1 type tunnel

ip unnumbered Vlan1

tunnel mode ipsec ipv4

tunnel protection ipsec profile CiscoCP_Profile1

!

interface Vlan1

ip address 10.10.10.1 255.255.0.0

ip nat inside

ip virtual-reassembly

!

ip local pool SDM_POOL_1 10.10.9.100 10.10.9.200

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 208.38.8.1

!

ip http server

no ip http secure-server

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload

!

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.0.0 0.0.255.255

access-list 100 remark CCP_ACL Category=4

access-list 100 remark IPSec Rule

access-list 100 permit ip 10.10.0.0 0.0.255.255 10.12.0.0 0.0.0.255

access-list 101 remark CCP_ACL Category=2

access-list 101 remark IPSec Rule

access-list 101 deny   ip 10.10.0.0 0.0.255.255 10.12.0.0 0.0.0.255

access-list 101 permit ip 10.10.0.0 0.0.255.255 any

access-list 102 remark CCP_ACL Category=4

access-list 102 permit ip 10.10.0.0 0.0.255.255 any

route-map SDM_RMAP_1 permit 1

match ip address 101

!

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

!

scheduler max-task-time 5000

end

  Any ideas what could be causing this?

Thanks,

Everyone's tags (6)
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.