12-29-2005 08:27 AM
Hi,
I have a Cisco 2600 connected to a 2950. I would like to allow VPN access via ADSL to the local network via Cisco VPN client, e.g.:
VPN Client --> ADSL Cloud --> 2600 --> 2950
I have searched cisco.com and forum.cisco.com and can't find how to configure this. Any assistance would be much appreciated!
Regards
J
12-29-2005 10:25 AM
Take a look at this sample config. This should help point you in the right direction.
Steve
12-30-2005 04:28 AM
Below are the sample codes:
aaa new-model
aaa authentication login vpnauthen local
aaa authorization network vpnauthor local
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpngroup
 key xxxxxxxx
 pool vpnpool
 acl 130
!
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set vpnset
!
crypto map vpnmap client authentication list vpnauthen
crypto map vpnmap isakmp authorization list vpnauthor
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address
 ip nat outside
 crypto map vpnmap
!
ip local pool vpnpool 10.1.1.1 10.1.1.10
ip nat inside source route-map nonat interface Dialer0 overload
!
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!
route-map nonat permit 10
 match ip address 101
01-23-2006 06:31 AM
Hi,
Thank you very much for your response. I tried to implement the solution that you suggested but I received the following error message in the Cisco VPN client:
Cisco Systems VPN Client Version 4.8.00.0440
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
15 18:01:26.020 01/22/06 Sev=Warning/2 IKE/0xA3000067
Received an IPC message during invalid state (IKE_MAIN:507)
16 18:01:40.011 01/22/06 Sev=Warning/3 IKE/0xE3000084
The length, 0, of the Mode Config option, INTERNAL_IPV4_NETMASK, is invalid
17 18:01:42.384 01/22/06 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route: code 87
Destination 192.168.0.255
Netmask 255.255.255.255
Gateway 192.168.6.3
Interface 192.168.6.3
18 18:01:42.404 01/22/06 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a800ff, Netmask: ffffffff, Interface: c0a80603, Gateway: c0a80603.
Any ideas?
Regards
J
01-23-2006 02:21 PM
The log suggests that there is a failure when adding a route onto the local PC.
Just wondering what the local PC subnet scheme is. Verify it's not overlapping with the VPN client pool configured on the PIX.
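
The overlap check suggested in the last reply, as an added example that is not part of the original thread: it decodes the hex fields of the "Unable to add route" log line and tests a local subnet against the VPN pool and the ACL 130 network from the sample config. The function names are hypothetical, and the local PC's netmask is not given in the thread, so any mask passed in is an assumption.

```python
import ipaddress
import re

# Log line copied from the VPN client log posted in the thread.
LOG_LINE = ("Unable to add route. Network: c0a800ff, Netmask: ffffffff, "
            "Interface: c0a80603, Gateway: c0a80603.")

# Values taken from the sample config posted in the thread.
POOL_FIRST, POOL_LAST = "10.1.1.1", "10.1.1.10"  # ip local pool vpnpool
TUNNEL_NET = "192.168.1.0/24"                    # access-list 130 source network


def decode_route_failure(line):
    """Convert the hex fields of a CM 'Unable to add route' line to addresses."""
    fields = dict(re.findall(
        r"(Network|Netmask|Interface|Gateway): ([0-9a-fA-F]{8})", line))
    return {name.lower(): ipaddress.IPv4Address(int(value, 16))
            for name, value in fields.items()}


def pool_networks(first, last):
    """Express an 'ip local pool' address range as a list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def find_overlaps(local_cidr, first=POOL_FIRST, last=POOL_LAST,
                  tunnel_net=TUNNEL_NET):
    """Return which VPN-side ranges overlap the client's local subnet."""
    local = ipaddress.ip_network(local_cidr, strict=False)
    hits = []
    if any(local.overlaps(net) for net in pool_networks(first, last)):
        hits.append("pool")
    if local.overlaps(ipaddress.ip_network(tunnel_net)):
        hits.append("split-tunnel")
    return hits


if __name__ == "__main__":
    decoded = decode_route_failure(LOG_LINE)
    print(decoded)
    # The mask of the local interface is unknown; try two assumed masks.
    for prefix in (24, 16):
        cidr = f"{decoded['interface']}/{prefix}"
        print(cidr, "overlaps:", find_overlaps(cidr) or "none")
```
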