
VPN - No internet after connection L2TP IPsec

Luffy120
Level 1

So I was creating a VPN connection on my router from this guide: https://community.cisco.com/t5/security-documents/l2tp-over-ipsec-on-cisco-ios-router-using-windows-8/ta-p/3142831

And after that I can connect, but there is no internet connection. I don't have any access to other PCs or servers from this network, etc. Where did I make a mistake? I will be thankful if you do this like for a newbie in Cisco.

My previous thread: https://community.cisco.com/t5/vpn-and-anyconnect/vpn-access-from-internet-to-home-through-cisco-1111-8p/m-p/3886790

version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Cielimowo
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication ppp VPDN_AUTH local
!
!
!
!
!
!
aaa session-id common
!
ip name-server 213.92.X.X 31.11.X.X 37.8.X.X
ip domain name cielimowo.com
!
ip dhcp pool siec
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 domain-name siec.com
 dns-server 213.92.X.X 213.92.X.X
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
flow record defaultApplicationTraffic
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter export_Gi0_0_1_213.92.X.X_192.168.1.7
 destination 192.168.1.7
 source GigabitEthernet0/0/1
 transport udp 2055
!
!
flow monitor datXGi0_0_1_d55ce208_c0a80107
 exporter export_Gi0_0_1_213.92.X.X_192.168.1.7
 record defaultApplicationTraffic
!
!
!
!
crypto pki trustpoint TP-self-signed-2236784358
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2236784358
 revocation-check none
 rsakeypair TP-self-signed-2236784358
!
!
crypto pki certificate chain TP-self-signed-2236784358
 certificate self-signed 01
  30820330 ...
!
crypto pki certificate pool
 cabundle nvram:ios_core.p7b
!
license udi pid C1111-8PLTEEA sn FCZ2319XXXX
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
username admin privilege 15 password 0 XXXXX
username szczepan privilege 15 secret 5 $1$TcK8$EiG4bZ6gFw9o82vsYuEaN1
username szczepanvpn privilege 15 password 0 XXXXX
!
redundancy
 mode none
!
!
!
!
controller Cellular 0/2/0
 lte modem link-recovery disable
!
!
vlan internal allocation policy ascending
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key FXXXon address 0.0.0.0
!
!
crypto ipsec transform-set L2TP-Set2 esp-3des esp-sha-hmac
 mode transport
!
!
!
crypto dynamic-map dyn-map 10
 set nat demux
 set transform-set L2TP-Set2
!
!
crypto map outside_map 65535 ipsec-isakmp dynamic dyn-map
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Loopback1
 description loopback for IPsec-pool
 ip address 1.1.1.11 255.255.255.255
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 ip flow monitor datXGi0_0_1_d55ce208_c0a80107 input
 ip flow monitor datXGi0_0_1_d55ce208_c0a80107 output
 ip dhcp relay information option server-id-override
 ip dhcp server use subscriber-id client-id
 ip address dhcp
 ip nat outside
 negotiation auto
 crypto map outside_map
 ip virtual-reassembly
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Cellular0/2/0
 ip address negotiated
 ipv6 enable
!
interface Cellular0/2/1
 no ip address
 shutdown
!
interface Virtual-Template1
 ip unnumbered Loopback1
 peer default ip address pool l2tp-pool
 ppp authentication ms-chap-v2 VPDN_AUTH
!
interface Vlan1
 ip address pool siec
 ip nat inside
!
ip local pool l2tp-pool 1.1.1.1 1.1.1.10
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip nat inside source list NAT interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 6514
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 213.92.X.X
!
!
ip access-list extended NAT
 deny   ip 192.168.2.0 0.0.0.255 1.1.1.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 transport input ssh
line vty 5 97
 exec-timeout 5 0
 transport input ssh
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
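
A check that can be run against the configuration in the post above, as an added example that is not part of the original thread: it lists the `l2tp-pool` addresses that no ACL referenced by `ip nat inside source list` permits as a source, and the pool-serving interfaces that are not marked `ip nat inside`. The function names are hypothetical, the embedded config is a constructed excerpt of the posted one, and only `network wildcard` source fields of permit entries are parsed.

```python
import ipaddress
import re

V4 = ipaddress.IPv4Address
# Constructed excerpt: only the NAT-relevant lines of the configuration posted above.
CONFIG = """\
interface Virtual-Template1
 peer default ip address pool l2tp-pool
interface Vlan1
 ip nat inside
ip local pool l2tp-pool 1.1.1.1 1.1.1.10
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip nat inside source list NAT interface GigabitEthernet0/0/1 overload
ip access-list extended NAT
 deny   ip 192.168.2.0 0.0.0.255 1.1.1.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def permit_sources(config):
    """ACL name -> [(base, wildcard)] for the source field of each permit entry."""
    acls, current = {}, None
    for line in config.splitlines():
        t = line.split()
        if not line.startswith(" "):
            current = t[3] if t[:3] == ["ip", "access-list", "extended"] else None
            if t[:1] == ["access-list"] and t[2:3] == ["permit"]:
                acls.setdefault(t[1], []).append((t[3], t[4]))
        elif current and t[:2] == ["permit", "ip"]:
            acls.setdefault(current, []).append((t[2], t[3]))
    return acls

def untranslated_pool_addresses(config):
    """Pool addresses that no 'ip nat inside source list' ACL permits as a source."""
    acls = permit_sources(config)
    lists = re.findall(r"^ip nat inside source list (\S+) ", config, re.M)
    srcs = [(int(V4(b)), int(V4(w))) for n in lists for b, w in acls.get(n, [])]
    pools = re.findall(r"^ip local pool \S+ (\S+) (\S+)", config, re.M)
    addrs = [a for lo, hi in pools for a in range(int(V4(lo)), int(V4(hi)) + 1)]
    # IOS wildcard mask: bits set in the mask are "don't care" when comparing
    return [str(V4(a)) for a in addrs
            if not any((a | w) == (b | w) for b, w in srcs)]

def pool_interfaces_without_nat_inside(config):
    """Interfaces that assign a peer pool but are not marked 'ip nat inside'."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    return [name for name, body in blocks
            if "peer default ip address pool" in body and "ip nat inside" not in body]

print(untranslated_pool_addresses(CONFIG), pool_interfaces_without_nat_inside(CONFIG))
```

An address listed by the first function leaves the outside interface with its source untranslated, which is one thing to rule out when VPN clients connect but cannot reach the internet.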
1 Reply

Luffy120
Level 1

Any help pls?
