Can't SSH to Server behind 887VA VPN.
05-28-2014 08:29 AM
Hi,
I have a Cisco 887VA configured as a VPN connection on my fixed IP address.
From the Cisco itself I can Ping and SSH into the 2 Servers I have on IP Addresses: 10.0.0.2 and 10.0.0.3 (statically assigned at the server to be in the VLAN1 range I need to VPN into).
However, when I try to SSH to the boxes once I have a Cisco VPN Client running over the internet, I get no response. Does anyone have any ideas?
Effectively I want to VPN in, get an IP address in the same range as the servers (working as advertised) and then be able to SSH to the servers remotely (this is the bit that doesn't work). Is this possible?
The redacted CISCO 887VA Configuration is as follows,
Thanks in advance,
J.
Config:
Building configuration...
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 887VA
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-4026781950
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4026781950
revocation-check none
rsakeypair TP-self-signed-4026781950
!
!
crypto pki certificate chain TP-self-signed-4026781950
certificate self-signed 01
quit
!
!
!
!
!
!
!
!
ip name-server 194.72.9.38
ip name-server 194.72.9.34
ip name-server 194.72.0.98
ip name-server 194.72.0.114
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-SEC-K9 sn FCZ1806C4Z6
!
!
username HHAdmin privilege 15 secret 4 oArOwHY.G7mYl96WVWpLXRYl8uu5KW4znvxy.yGI1Bw
username XXXXXXXXXXXXXXXXXXX privilege 15 password 0 XXXXXXXXXXXXXXXXXXXXXX
username XXXXXXXXXXXXXXXXXXX password 0 XXXXXXXXXXXXXXXXXXXXXX
!
!
!
!
!
controller VDSL 0
operating mode adsl2+
modem ukfeature
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group xxxxxxxxxxxxxx
key xxxxxxxxx
pool SDM_POOL_1
max-users 5
netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPN_HH_ACDM
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
!
!
!
!
!
interface Loopback0
ip address 10.10.10.10 255.255.255.0
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address xxxx.xxxx.xxxx.xxx 255.255.255.254
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxxxxxxxxxxxxxx
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip local pool SDM_POOL_1 10.0.0.100 10.0.0.104
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 10.0.0.2 22 interface Dialer0 22
ip nat inside source static udp 10.0.0.2 23 interface Dialer0 23
ip nat inside source static tcp 10.0.0.3 23 interface Dialer0 23
ip nat inside source static udp 10.0.0.3 22 interface Dialer0 22
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
transport output telnet ssh
line vty 5 15
transport input telnet ssh
transport output telnet ssh
!
!
end
887VA#
06-02-2014 06:10 PM
Hi,
Any specific reason you want to assign an IP to the IPsec client in the same subnet as the internal server/LAN?
Regards,
Shetty
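
Added example, not part of either post above: the reply asks about the VPN client pool sharing a subnet with the LAN, and this Python check reads an IOS configuration and reports every `ip local pool` that overlaps an interface subnet, along with whether proxy ARP is still enabled on that interface (LAN hosts ARP directly for addresses they consider on-link). The function names and the config excerpt are constructed for illustration; the excerpt reuses only lines from the posted configuration.

```python
import ipaddress
import re

# Constructed excerpt: only the lines of the posted configuration this check reads.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.10.10.10 255.255.255.0
!
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
 no ip proxy-arp
!
ip local pool SDM_POOL_1 10.0.0.100 10.0.0.104
"""

def parse_interfaces(config):
    """Map interface name -> {'net': IPv4Network or None, 'proxy_arp': bool}."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
            # Proxy ARP is on by default in IOS unless 'no ip proxy-arp' appears.
            interfaces[current] = {"net": None, "proxy_arp": True}
        elif line == "!":
            current = None          # '!' closes the section, indented or not
        elif current and line == "no ip proxy-arp":
            interfaces[current]["proxy_arp"] = False
        elif current:
            m = re.fullmatch(r"ip address (\S+) (\S+)", line)
            if m:
                try:
                    iface = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
                    interfaces[current]["net"] = iface.network
                except ValueError:
                    pass            # redacted or negotiated address
    return interfaces

def pool_overlaps(config):
    """Return (pool, interface, subnet, proxy_arp_enabled) for each overlap."""
    findings = []
    pools = re.findall(r"^\s*ip local pool (\S+) (\S+) (\S+)\s*$", config, re.M)
    for name, first, last in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for ifname, info in parse_interfaces(config).items():
            net = info["net"]
            if net is not None and (lo in net or hi in net):
                findings.append((name, ifname, str(net), info["proxy_arp"]))
    return findings

if __name__ == "__main__":
    for pool, ifname, net, parp in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps {ifname} ({net}); proxy ARP enabled: {parp}")
```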
