05-23-2002 01:49 AM - edited 02-21-2020 11:45 AM
Hi, I have a big problema with my vpn, when I connect with the router via internet and cisco client vpn 3.5 I haven´t any problem. I can see my servers on my LAN via ping with my dns server but my problem is when i want to use the lan resources, my printers or my sharing folder I can´t. I dont Know what is the problem.
This is may configuration router:
Current configuration : 3389 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CISCOADSL
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
enable secret xxxxxxxxxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxxxxx
!
username COMAcceso password xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username xxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxxx
crypto isakmp key xxxxxxxxxxxxxxxaddress xxxxxxxxxxxxxxxxxxx
!
crypto isakmp client configuration group rasvpn
key cisco123
dns 192.168.143.70
wins 192.168.143.64
domain voiceware.net
pool ippool
acl 101
!
!
crypto ipsec transform-set vpn-transform esp-des esp-md5-hmac
crypto ipsec transform-set ras-transform esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set ras-transform
!
!
crypto map vpnclient 1 ipsec-isakmp
set peer xxxxxxxx
set transform-set vpn-transform
match address 107
crypto map vpnclient 2 ipsec-isakmp
set peer xxxxxxxxx
set transform-set vpn-transform
match address 109
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
no ip address
!
interface Ethernet0
ip address 192.168.143.5 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 0/33
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface Dialer0
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
ppp authentication chap
ppp chap hostname xxxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxxx
crypto map clientmap
!
ip local pool ippool 192.168.144.1 192.168.144.254
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 192.168.143.70 110 212.145.203.130 110 extendabl
e
ip nat inside source static tcp 192.168.143.70 80 212.145.203.130 80 extendable
ip nat inside source static tcp 192.168.143.70 25 212.145.203.130 25 extendable
ip nat inside source static tcp 192.168.143.65 1352 212.145.203.130 1352 extenda
ble
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip pim bidir-enable
!
!
access-list 101 deny ip 192.168.143.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.143.0 0.0.0.255 any
access-list 107 permit ip 192.168.143.0 0.0.0.255 192.168.146.0 0.0.0.255
access-list 107 permit ip 192.168.145.0 0.0.0.255 192.168.146.0 0.0.0.255
access-list 109 permit ip 192.168.143.0 0.0.0.255 192.168.145.0 0.0.0.255
access-list 109 permit ip 192.168.146.0 0.0.0.255 192.168.145.0 0.0.0.255
!
route-map nonat permit 1
match ip address 101
!
!
line con 0
stopbits 1
line vty 0 4
password xxxxxxxxxxxxxxxxxx
!
scheduler max-task-time 5000
end
ANYBODY CAN HELP ME THANKS
05-23-2002 12:25 PM
Are you able to map the drives via the ip address?
Mapping the drives typically use WINS server for name resolution rather than dns server
Jazib
05-27-2002 03:53 AM
Yes, I use the ip address but I can´t use the lan resources
Anyboy can help me ¿¿¿
Thanks
05-27-2002 04:07 AM
Try removing the route-map and assign the NAT command directly to the access-list as follows:
ip nat inside source list 101 interface Dialer1 overload
I had the same problem, I didn't do deep tests, but it worked for me!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide