08-09-2013 04:09 PM
Hi all!
I am new to VPNs, but I was able to configure a basic VPN on a Cisco 2921. I am able to connect to the VPN and I want to reach the servers on the remote LAN; however, I cannot access anything past the inside local interface of the router. I configured NAT exemption but still nothing. Below is the configuration. Please help!
version 15.0
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login vpn-authentication local
aaa authorization network vpn-group local
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
!
no ipv6 cef
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip dhcp excluded-address 10.0.1.1 10.0.1.10
!
ip dhcp pool pool-one
network 10.0.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.0.1.254
!
!
login block-for 300 attempts 3 within 60
login quiet-mode access-class 2
!
multilink bundle-name authenticated
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2450582981
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2450582981
revocation-check none
rsakeypair TP-self-signed-2450582981
!
!
crypto pki certificate chain TP-self-signed-2450582981
certificate self-signed 01
quit
voice-card 0
!
!
!
!
!
!
license udi pid CISCO2921/K9 sn FTX1631ALUZ
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
license boot module c2900 technology-package datak9
!
!
username xxx privilege 15 password 7 xxxxxxxx
!
redundancy
!
!
no ip ftp passive
!
crypto keyring dmvpn-keyring
pre-shared-key address 0.0.0.0 0.0.0.0 key xxxxxx
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
crypto isakmp client configuration group test
key xxxxxxxx
domain xxxxxxxx
pool vpn-dhcp-pool
acl 100
max-users 3
netmask 255.255.255.0
crypto isakmp profile dmvpn-isakmp-profile
keyring dmvpn-keyring
match identity address 0.0.0.0
!
!
crypto ipsec transform-set dmvpn-transport-set esp-aes 256 esp-sha-hmac
mode transport
crypto ipsec transform-set ezvpn-transform-set esp-3des esp-sha-hmac
!
crypto ipsec profile dmvpn-ipsec-profile
set transform-set dmvpn-transport-set
set isakmp-profile dmvpn-isakmp-profile
!
!
crypto dynamic-map dynamic-map 1
set transform-set ezvpn-transform-set
reverse-route
!
!
crypto map crypto-map client authentication list vpn-authentication
crypto map crypto-map isakmp authorization list vpn-group
crypto map crypto-map client configuration address respond
crypto map crypto-map 1 ipsec-isakmp dynamic dynamic-map
!
!
!
!
!
interface GigabitEthernet0/0
description outside local interface
ip address 209.x.x.6 255.255.255.240
ip nat outside
no ip virtual-reassembly
duplex full
speed 100
crypto map vtech-crypto-map
!
!
interface GigabitEthernet0/1
description redundant outside local trunk interface
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0/2
description inside local trunk interface
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0/2.10
description inside local interface
encapsulation dot1Q 210
ip address 10.0.1.254 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
!
ip local pool vpn-dhcp-pool 10.0.0.100 10.0.0.109
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map inside-local-to-internet interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 209.x.x.4
!
ip access-list extended inside-local-to-internet
remark vpn access list
deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.0.0.255
permit ip 10.0.0.0 0.255.255.255 any
!
access-list 100 remark vpn tunnel acl
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
!
!
!
!
route-map inside-local-to-internet permit 10
match ip address inside-local-to-internet
match interface GigabitEthernet0/0
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
gatekeeper
shutdown
!
banner motd ^CCCC
************************************************************
* WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *
************************************************************
* Access to and use of this device and/or other devices is *
* restricted to authorized users only. Unauthorized *
* individuals attempting to access this device may be *
* subject to prosecution. *
************************************************************
^C
!
line con 0
privilege level 15
logging synchronous
login authentication vpn-authentication
transport preferred none
line aux 0
line vty 0 4
exec-timeout 15 0
privilege level 15
logging synchronous
login authentication vpn-authentication
transport preferred none
transport input telnet ssh
line vty 5 15
privilege level 15
logging synchronous
login authentication vpn-authentication
transport preferred none
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Thanks!
08-09-2013 04:30 PM
First of all, change your VPN pool; it's confusing with your LAN IP pool.
ip local pool vpn-dhcp-pool 192.168.1.10 192.168.1.20
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map inside-local-to-internet interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 209.x.x.4
!
ip access-list extended inside-local-to-internet
remark vpn access list
deny ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 10.0.1.0 0.0.0.255 any
!
access-list 100 remark vpn tunnel acl
access-list 100 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
***DO RATE ALL HELPFUL POSTS ***
Jawad
08-10-2013 11:39 PM
Thank you for your response. I have changed the address scheme of the VPN clients, but I am still not able to access anything past the internal interface of my LAN.
08-11-2013 05:42 AM
Repost your new config again.
Jawad
08-11-2013 07:43 AM
Building configuration...
Current configuration : 7075 bytes
!
version 15.3
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
!
boot-start-marker
boot system flash0 c2900-universalk9-mz.SPA.153-2.T.bin
boot-end-marker
!
!
enable secret 5 xxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login -authentication local
aaa authorization network -group local
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
!
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!
!
ip dhcp excluded-address 10.0.1.1 10.0.1.10
!
ip dhcp pool pool-one
network 10.0.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.0.1.254
domain-name .local
!
!
!
ip domain name .local
login block-for 300 attempts 3 within 60
login quiet-mode access-class 2
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2450582981
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2450582981
revocation-check none
rsakeypair TP-self-signed-2450582981
!
!
crypto pki certificate chain TP-self-signed-2450582981
certificate self-signed 02
quit
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2921/K9 sn FTX1631ALUZ
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
no ip ftp passive
!
crypto keyring -dmvpn-keyring
pre-shared-key address 0.0.0.0 0.0.0.0 key S3rr47+
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
crypto isakmp client configuration group hyperion
key T@rm0g0yf!
domain .local
pool -vpn-dhcp-pool
acl 100
max-users 3
netmask 255.255.255.0
crypto isakmp profile -dmvpn-isakmp-profile
keyring -dmvpn-keyring
match identity address 0.0.0.0
!
!
crypto ipsec transform-set dmvpn-transport-set esp-aes 256 esp-sha-hmac
mode transport
crypto ipsec transform-set ezvpn-transform-set esp-3des esp-sha-hmac
mode tunnel
!
!
crypto ipsec profile -dmvpn-ipsec-profile
set transform-set dmvpn-transport-set
set isakmp-profile -dmvpn-isakmp-profile
!
!
crypto dynamic-map -dynamic-map 1
set transform-set ezvpn-transform-set
reverse-route
!
!
crypto map -crypto-map client authentication list -authentication
crypto map -crypto-map isakmp authorization list -group
crypto map -crypto-map client configuration address respond
crypto map -crypto-map 1 ipsec-isakmp dynamic -dynamic-map
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description outside local interface
ip address 209.x.x.6 255.255.255.240
ip nat outside
no ip virtual-reassembly in
duplex full
speed 100
crypto map -crypto-map
!
interface GigabitEthernet0/1
description redundant outside local trunk interface
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
description inside local trunk interface
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.10
description inside local interface
encapsulation dot1Q 210
ip address 10.0.1.254 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
!
ip local pool -vpn-dhcp-pool 192.168.1.1 192.168.1.10
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map inside-local-to-internet interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 209.x.x.4
!
ip access-list extended inside-local-to-internet
remark vpn access list
deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
permit ip 10.0.0.0 0.255.255.255 any
!
!
route-map inside-local-to-internet permit 10
match ip address inside-local-to-internet
!
!
access-list 100 remark vpn tunnel acl
access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
banner motd ^CCCCC
************************************************************
* WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *
************************************************************
* Access to and use of this device and/or other devices is *
* restricted to authorized users only. Unauthorized *
* individuals attempting to access this device may be *
* subject to prosecution. *
************************************************************
^C
!
line con 0
privilege level 15
logging synchronous
login authentication -authentication
transport preferred none
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 15 0
privilege level 15
logging synchronous
login authentication -authentication
transport preferred none
transport input telnet ssh
line vty 5 15
privilege level 15
logging synchronous
login authentication -authentication
transport preferred none
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
08-11-2013 09:37 AM
In your nat0 and split-tunnel ACLs you're doing exceptions for 10.0.0.0/24, but your inside LAN subnet is 10.0.1.0/24. Correct this and it should be ok.
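An added check, not code from the thread, that applies IOS wildcard-mask matching to the NAT-exemption ACL entries discussed above so you can see which flows the route-map NAT would translate; the test host addresses are constructed.

```python
"""Check what IOS wildcard-mask ACL entries actually match.

Added example, not from the thread: the ACL lines are the NAT-exemption variants
discussed above; the host addresses used as test traffic are constructed.
"""
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(tokens, i):
    """Consume one address spec ('any', 'host X' or 'X WILDCARD'); return (base, wildcard, next index)."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse_ace(line: str):
    """Parse 'permit|deny ip SRC DST'; remarks and other protocols are skipped (None)."""
    t = line.split()
    if len(t) < 4 or t[0] not in ("permit", "deny") or t[1] != "ip":
        return None
    src, src_wc, i = _parse_addr(t, 2)
    dst, dst_wc, _ = _parse_addr(t, i)
    return {"action": t[0], "src": (src, src_wc), "dst": (dst, dst_wc)}


def acl_action(acl_lines, src: str, dst: str) -> str:
    """First-match evaluation with the implicit deny at the end, as IOS does."""
    for ace in filter(None, map(parse_ace, acl_lines)):
        if wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"]):
            return ace["action"]
    return "deny"


def is_translated(nat_acl, src: str, dst: str) -> bool:
    """'ip nat inside source route-map ...' translates a flow only when the ACL permits it,
    so a matching 'deny' entry is the NAT exemption the original poster wanted."""
    return acl_action(nat_acl, src, dst) == "permit"


# LAN is 10.0.1.0/24 and the VPN pool is 192.168.1.0/24 in the updated config.
NAT_ACL_WRONG = [  # exemption written for 10.0.0.0/24, as the reply above describes
    "deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "permit ip 10.0.0.0 0.255.255.255 any",
]
NAT_ACL_FIXED = [  # Jawad's suggested entries for the real LAN subnet
    "deny ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255",
    "permit ip 10.0.1.0 0.0.0.255 any",
]
LAN_HOST, VPN_CLIENT, INTERNET = "10.0.1.50", "192.168.1.5", "8.8.8.8"  # constructed

if __name__ == "__main__":
    for name, acl in (("wrong", NAT_ACL_WRONG), ("fixed", NAT_ACL_FIXED)):
        print(name, "LAN->VPN translated:", is_translated(acl, LAN_HOST, VPN_CLIENT),
              "| LAN->Internet translated:", is_translated(acl, LAN_HOST, INTERNET))
```

Note that 0.255.255.255 is a /8 wildcard, so an entry written as 10.0.0.0 0.255.255.255 does match 10.0.1.x hosts; run the check against the exact lines in the running config before changing them.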
08-11-2013 07:50 AM
What is the gateway of your remote LAN?
Remove acl 100 from the crypto isakmp group and check.
Are you able to ping the router's internal interface?
Jawad