cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5665
Views
0
Helpful
28
Replies

easyvpn server has created but Can't access local LAN using cisco cpn client

mkabbashi
Beginner
Beginner

Hi,

I have created easyvpn server in router 1841, I can connect to the outside interface from a remote computer, but I can't ping any of internal lan devices.

Building configuration...

Current configuration : 3054 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname X_R_Z

!

boot-start-marker

boot system flash:c1841-advipservicesk9-mz.124-12.bin

boot-end-marker

!

no logging buffered

enable secret 5 $1$MNXK$lahi6sf17juTZIYm877hT.

enable password cisco

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authentication login sdm_vpn_xauth_ml_2 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

aaa authorization network sdm_vpn_group_ml_2 local

!

aaa session-id common

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.87

ip dhcp excluded-address 192.168.1.1 192.168.1.66

ip dhcp excluded-address 192.168.1.106

!

ip dhcp pool Xyz

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.77

   dns-server 196.29.180.39 196.29.164.49 192.168.1.82

   domain-name wr

!

!

no ip domain lookup

!

!

!

username w1 privilege 15 password 0 ww2

username fi privilege 15 secret 5 $1$oIDZ$JHpf0Hft0qMAi4oabOfM..

!

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group testvpn

key 111111

pool SDM_POOL_1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

!

crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA1

reverse-route

!

!

crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2

crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2

crypto map SDM_CMAP_1 client configuration address respond

crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

!

!

!

interface FastEthernet0/0

description WAN_INTERFACE

no ip address

no ip proxy-arp

ip mtu 1400

speed 100

full-duplex

!

interface FastEthernet0/0.71

encapsulation dot1Q 71

ip dhcp relay information trusted

ip address 192.168.1.77 255.255.255.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.75

encapsulation dot1Q 75

ip address 197.251.333.147 255.255.255.252

no ip proxy-arp

ip nat outside

ip virtual-reassembly

crypto map SDM_CMAP_1

!

interface FastEthernet0/1

ip address 10.8.0.1 255.255.255.0

duplex auto

speed auto

!

ip local pool SDM_POOL_1 192.168.50.1 192.168.50.5

ip route 0.0.0.0 0.0.0.0 197.251.333.146

!

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0.75 overload

!

ip access-list extended X-Yh

remark SDM_ACL Category=16

deny   ip any host 192.168.50.1

deny   ip any host 192.168.50.2

deny   ip any host 192.168.50.3

deny   ip any host 192.168.50.4

deny   ip any host 192.168.50.5

permit ip 192.168.1.0 0.0.0.255 any

!

!

route-map SDM_RMAP_1 permit 1

match ip address X-Yh

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

password Sr

!

scheduler allocate 20000 1000

end