Hi all, I have cisco 837 series as a ADSL modem. I'm on 192.168.1.2 and my VPN client have 192.168.2.1. We can ping each other but when we try to play LAN games, we can't see each other. I believe this is caused by UDP Broadcast not reach the VPN client. How can I forward the UDP broadcast ? Any help will be appreciated. Sorry for my bad english. Thank you.
Here is my configuration :
Building configuration...
Current configuration : 3704 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname michael
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
no logging console
enable secret 5 $1$pZLW$9RZ8afI8QdGRq0ssaEJVu0
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool michael
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 202.134.0.155
!
ip dhcp pool excluded-address
host 192.168.1.4 255.255.255.0
hardware-address 01c8.d719.957a.b9
!
!
ip cef
ip name-server 202.134.0.155
ip name-server 203.130.193.74
vpdn enable
!
!
!
!
username michael privilege 15 secret 5 $1$ZJQu$KDigCvYWKkzuzdYHBEY7f.
username danny privilege 10 secret 5 $1$BDs.$Ez0u9wY7ywiBzVd1ECX0N/
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group michaelvpn
key vpnpassword
pool SDM_POOL_1
acl 199
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Ethernet0
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Virtual-PPP1
no ip address
!
interface Dialer1
description $FW_OUTSIDE$
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname ispusername
ppp chap password 0 isppassword
ppp pap sent-username ispusername password 0 isppassword
crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
ip nat inside source static udp 192.168.1.0 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.1.4 21 interface Dialer1 21
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.0.0.0 0.255.255.255
access-list 102 remark SDM_ACL Category=2
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 199 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
route-map SDM_RMAP_1 permit 1
match ip address 102
!
!
control-plane
!
banner motd ^C
Authorized Access Only
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit permission to access this device.
All activities performed on this device are logged.
Any violations of access policy will result in disciplinary action.
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end
