I can connect my cisco mobile vpn but can't ping & access internal IP

aungsanmyint (Level 1)

Hi somebody,

I've configured a mobile VPN configuration on a Cisco 7200 in GNS3. I can connect to the VPN on my Cisco router with the Cisco VPN client software from outside, but I can't ping internal IPs and can't access internal resources.

My internal IP range is 192.168.1.x, and the IP range for mobile VPN clients from outside is 172.60.1.x.

Your advice will be appreciated.

Here is my configuration of the Cisco 7200 in GNS3:

OfficeVPN_Router#sh run
Building configuration...

Current configuration : 2186 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OfficeVPN_Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
!
aaa new-model
!
!
aaa authentication login userlist local
aaa authorization network grouplist local
!
aaa session-id common
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username asm privilege 15 password 0 pncsadmin
username user privilege 15 password 0 pncsadmin
username user1 privilege 15 password 0 pncsadmin
username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group MWG
 key cisco
 dns 165.21.83.88
 pool vpnpool
 acl 101
 netmask 255.255.0.0
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map mymap client authentication list userlist
crypto map mymap isakmp authorization list grouplist
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
!
interface FastEthernet1/1
 ip address 200.200.200.200 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map mymap
!
!
ip local pool vpnpool 172.60.1.10 172.60.1.100
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 200.200.200.201
!
no ip http server
no ip http secure-server
!
ip nat inside source list 111 interface FastEthernet1/1 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 permit ip any any
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 password cisco123
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco123
!
!
end

OfficeVPN_Router#sh ver
Cisco IOS Software, 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Tue 21-Apr-09 18:50 by prod_rel_team

ROM: ROMMON Emulation Microcode
BOOTLDR: 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)

OfficeVPN_Router uptime is 30 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
Processor board ID 4279256517
R7000 CPU at 150MHz, Implementation 39, Rev 2.1, 256KB L2 Cache
6 slot VXR midplane, Version 2.1
Last reset from power-on

PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb0_mb1 has a total of 600 bandwidth points.
This configuration is within the PCI bus capacity and is supported.

PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points
This configuration is within the PCI bus capacity and is supported.

Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.

3 FastEthernet interfaces
125K bytes of NVRAM.

65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102

OfficeVPN_Router#

2 Replies

Hi,

I would first recommend removing the following line:

access-list 111 permit ip any any

And add the following:

ip access-list extended 111

50 permit  ip 192.168.1.0 0.0.0.255 any

Then, "ip access-list resequence 111 10 10".

Could you please try and let us know the results?

Thanks.

Dear Javier,

Thanks for your info. I already tested it as you said, but I still can't use or ping my internal IP, which is behind the Cisco VPN router. I posted my config file.

OfficeVPN_Router(config)#ip access-list resequence 111 10 10
OfficeVPN_Router(config)#do sh run
Building configuration...

Current configuration : 2201 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OfficeVPN_Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
!
aaa new-model
!
!
aaa authentication login userlist local
aaa authorization network grouplist local
!
aaa session-id common
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username asm privilege 15 password 0 pncsadmin
username user privilege 15 password 0 pncsadmin
username user1 privilege 15 password 0 pncsadmin
username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group MWG
 key cisco
 dns 165.21.83.88
 pool vpnpool
 acl 101
 netmask 255.255.0.0
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map mymap client authentication list userlist
crypto map mymap isakmp authorization list grouplist
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
!
interface FastEthernet1/1
 ip address 200.200.200.200 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map mymap
!
!
ip local pool vpnpool 172.60.1.10 172.60.1.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 200.200.200.201
!
no ip http server
no ip http secure-server
!
ip nat inside source list 111 interface FastEthernet1/1 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 password cisco123
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco123
!
!
end
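As an added example (not code from the thread or from Cisco), here is a small Python 3 check over the three pieces of the posted config that decide whether a connected client can reach 192.168.1.0/24: the address pool, the split-tunnel ACL 101 and the NAT-exemption ACL 111. It evaluates the ACLs the way IOS does (first match, implicit deny) for both ends of the pool, runs the same check against Javier's ACL 111 variant, and against a constructed copy with the exemption line removed to show what a real mismatch looks like. The LAN prefix and ACL numbers come from the posts; the function and variable names are mine.

```python
import ipaddress
# Lines from the first posted running-config that decide LAN <-> VPN-client reachability.
POSTED = """
ip local pool vpnpool 172.60.1.10 172.60.1.100
ip nat inside source list 111 interface FastEthernet1/1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 permit ip any any
"""
# Javier's variant of the last line, and a constructed misconfiguration (NAT exemption dropped).
SUGGESTED = POSTED.replace("permit ip any any", "permit ip 192.168.1.0 0.0.0.255 any")
NO_EXEMPT = "\n".join(l for l in POSTED.splitlines() if "111 deny" not in l)

def take_net(tokens):
    """Consume 'any' or 'addr wildcard' from an ACE; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    prefix = 32 - bin(int(ipaddress.ip_address(tokens[1]))).count("1")  # contiguous wildcard
    return ipaddress.ip_network(f"{tokens[0]}/{prefix}", strict=False), tokens[2:]

def parse(config):
    """Return (pool ends, NAT ACL number, {acl number: [(action, src, dst), ...]})."""
    pool, nat_acl, acls = None, None, {}
    for t in (line.split() for line in config.splitlines()):
        if t[:3] == ["ip", "local", "pool"]:
            pool = (ipaddress.ip_address(t[4]), ipaddress.ip_address(t[5]))
        elif t[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_acl = t[5]
        elif t[:1] == ["access-list"] and t[3] == "ip":  # only 'ip' ACEs matter here
            src, rest = take_net(t[4:])
            acls.setdefault(t[1], []).append((t[2], src, take_net(rest)[0]))
    return pool, nat_acl, acls

def first_match(acl, src, dst):
    """IOS ACLs are evaluated top-down with an implicit deny at the end."""
    return next((a for a, s, d in acl if src in s and dst in d), "deny")

def check(config, lan="192.168.1.0/24", split_acl="101"):
    """List mismatches that leave the tunnel up but LAN hosts unreachable."""
    pool, nat_acl, acls = parse(config)
    lan_host = ipaddress.ip_network(lan)[1]  # stands in for any host on the LAN
    problems = []
    for client in pool:  # check both ends of the pool range
        # The split-tunnel ACL must cover LAN -> client or the client never tunnels LAN traffic.
        if first_match(acls.get(split_acl, []), lan_host, client) != "permit":
            problems.append(f"split-tunnel ACL {split_acl} omits {client}")
        # The NAT ACL must DENY (exempt) LAN -> client, or replies get PATed to the outside address.
        if first_match(acls.get(nat_acl, []), lan_host, client) == "permit":
            problems.append(f"NAT ACL {nat_acl} translates LAN -> {client}")
    return problems
```

Both posted versions of ACL 111 pass this check, so the pool/ACL/NAT relationship is not what blocks the pings; the remaining candidates (routing on the 192.168.1.x hosts, the client side) lie outside these lines and are not covered here.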