07-31-2002 05:16 AM - edited 02-21-2020 11:58 AM
Hi there,
I currently set up an 826 (IOS (tm) C820 Software (C820-K8OSY6-M), Version 12.2(2)T4, RELEASE SOFTWARE (fc3)) ADSL connection to an ISP using NAT. I also configured some redirections (PAT) to the mail and web server on the internal LAN. Finally I want to add a "road warrior" using any ISP, connecting via an IPsec VPN to the internal LAN. VPN setup including key exchange finishes smoothly and I can also ping the internal systems; all standard internal to external traffic is also OK. But when I want to access systems on any IP protocol (telnet / ssh ...) I can access the internal systems. Here is my simple config, give it a shot....
current config:
version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname a213-84-19-156
!
logging rate-limit console 10 except errors
enable secret 5 $1$y/EK$wAisMWMGiTJ/1ZFyLTg.y.
enable password XXXXXX
!
ip subnet-zero
ip domain-name adsl.xs4all.nl
ip name-server 194.109.6.66
ip name-server 194.109.9.99
!
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 3
authentication pre-share
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local ourpool
!
!
crypto ipsec transform-set vpn-transform esp-des esp-md5-hmac
!
crypto dynamic-map vpn-dynamic 10
set transform-set vpn-transform
!
!
crypto map vpnclient client configuration address initiate
crypto map vpnclient client configuration address respond
crypto map vpnclient 10 ipsec-isakmp dynamic vpn-dynamic
!
!
!
!
interface Ethernet0
ip address 10.124.77.250 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
no keepalive
!
interface ATM0
no ip address
no ip route-cache
no ip mroute-cache
no atm ilmi-keepalive
pvc 0 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
!
interface Dialer0
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username jtel@xs4all-fast-adsl password 7 030E4F0E0A5D70
crypto map vpnclient
!
ip local pool ourpool 10.124.78.1 10.124.78.254
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 10.124.77.55 443 <ip internet> 443 extendable
ip nat inside source static tcp 10.124.77.55 80 <ip internet> 80 extendable
ip nat inside source static tcp 10.124.77.55 22 <ip internet> 22 extendable
ip nat inside source static tcp 10.124.77.55 10000 <ip internet> 10000 extendable
ip nat inside source static tcp 10.124.77.55 25 <ip internet> 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
no ip http server
!
access-list 100 permit ip any any
access-list 105 deny ip 10.124.77.0 0.0.0.255 10.124.78.0 0.0.0.255
access-list 105 permit ip 10.124.77.0 0.0.0.255 any
access-list 105 permit ip 10.124.78.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map nonat permit 10
match ip address 105
!
snmp-server engineID local 000000090200000427FCDCCE
snmp-server community public RO
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password xxxxx
login
!
scheduler max-task-time 5000
end
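The thread carries no reply, so here is an added check (editor's example, not code from the poster or from Cisco): a small Python model of the inside-to-outside NAT decision the posted config makes for a packet. It encodes two IOS behaviours: `ip nat inside source static` entries are matched before the dynamic rule, and only the dynamic `route-map nonat` statement consults access-list 105. The VPN client address 10.124.78.5 (assumed to come from `ourpool`) and the four sample flows are constructed; `<ip internet>` is kept as the placeholder the post uses. The model shows that the server's TCP replies from the statically mapped ports (22, 80, 443, 25, 10000) still hit a static translation on their way to the VPN pool, while ICMP from the same server and TCP from other LAN hosts are exempted by ACL 105. That is one thing to confirm on the real router with `show ip nat translations` and `debug ip nat` while a VPN client connects to 10.124.77.55; the model is not a substitute for that.

```python
import ipaddress

# NAT and ACL lines copied from the posted configuration; the public address
# placeholder "<ip internet>" is kept exactly as the post shows it.
NAT_CONFIG = """
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 10.124.77.55 443 <ip internet> 443 extendable
ip nat inside source static tcp 10.124.77.55 80 <ip internet> 80 extendable
ip nat inside source static tcp 10.124.77.55 22 <ip internet> 22 extendable
ip nat inside source static tcp 10.124.77.55 10000 <ip internet> 10000 extendable
ip nat inside source static tcp 10.124.77.55 25 <ip internet> 25 extendable
access-list 105 deny ip 10.124.77.0 0.0.0.255 10.124.78.0 0.0.0.255
access-list 105 permit ip 10.124.77.0 0.0.0.255 any
access-list 105 permit ip 10.124.78.0 0.0.0.255 any
"""

NONAT_ACL = "105"  # the ACL referenced by "route-map nonat permit 10 / match ip address 105"


def wildcard_net(addr, wildcard):
    """Turn an IOS 'address wildcard' pair into an IPv4Network."""
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return ipaddress.IPv4Network(f"{addr}/{ipaddress.IPv4Address(mask)}", strict=False)


def parse_acl_target(tokens):
    """Consume one ACL address spec (any / host x / addr wildcard); return (net, rest)."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    return wildcard_net(tokens[0], tokens[1]), tokens[2:]


def parse_config(text):
    """Extract static TCP NAT entries and the nonat ACL from the config text."""
    statics = []  # (local_ip, local_port, global_ip, global_port)
    acl = []      # (action, src_net, dst_net) in configured order
    for line in text.strip().splitlines():
        t = line.split()
        if not t:
            continue
        if t[:6] == ["ip", "nat", "inside", "source", "static", "tcp"]:
            body = t[6:]
            if body[-1] == "extendable":
                body = body[:-1]
            # global address may be the multi-token placeholder "<ip internet>"
            statics.append((body[0], int(body[1]), " ".join(body[2:-1]), int(body[-1])))
        elif t[:2] == ["access-list", NONAT_ACL]:
            src, rest = parse_acl_target(t[4:])
            dst, _ = parse_acl_target(rest)
            acl.append((t[2], src, dst))
    return statics, acl


STATICS, ACL = parse_config(NAT_CONFIG)


def translate(src_ip, src_port, dst_ip, proto, statics=STATICS, acl=ACL):
    """Model the inside->outside NAT decision for one packet.

    Returns (rule, translated_source): rule is "static", "dynamic" or "none".
    Static entries are checked first and do not consult the route-map ACL;
    the dynamic overload rule only translates packets the ACL permits.
    """
    for local_ip, local_port, global_ip, global_port in statics:
        if proto == "tcp" and src_ip == local_ip and src_port == local_port:
            return "static", f"{global_ip}:{global_port}"
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            if action == "permit":
                return "dynamic", "Dialer0:<pat port>"
            return "none", src_ip          # explicit deny: exempt from NAT
    return "none", src_ip                  # implicit deny at end of ACL


# Constructed sample flows; 10.124.78.5 is an assumed address handed out from "ourpool".
SAMPLE_FLOWS = [
    ("icmp echo-reply from server to VPN client", "10.124.77.55", 0, "10.124.78.5", "icmp"),
    ("ssh reply from server to VPN client", "10.124.77.55", 22, "10.124.78.5", "tcp"),
    ("telnet reply from other LAN host to VPN client", "10.124.77.60", 23, "10.124.78.5", "tcp"),
    ("LAN host browsing the Internet", "10.124.77.60", 40000, "194.109.6.66", "tcp"),
]


def classify_all(flows=SAMPLE_FLOWS):
    """Return {description: (rule, translated_source)} for every sample flow."""
    return {desc: translate(src, sport, dst, proto) for desc, src, sport, dst, proto in flows}


if __name__ == "__main__":
    for desc, (rule, new_src) in classify_all().items():
        print(f"{desc:50s} -> {rule:8s} src becomes {new_src}")
```

Only the second flow is translated by a static entry; the first and third match the `deny` line of ACL 105 and leave the router untranslated, and the fourth is the normal overload case.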
07-31-2002 08:04 AM
Small type mistake:
standard internal to external traffic is also OK. But when I want to access systems on any IP protocol (telnet / ssh ...) I can NOT access the internal systems. Here is my simple config, give it a shot....
Thanks so far..