IPSec Remote Access VPN connected but no traffic

luca1cisco
Level 1

Hi Guys,

This VPN is driving me crazy!!! It connects, but I can't access any of the resources behind the router, and I can't ping. What am I doing wrong? Any idea? It sounds like a routing/ACL issue but...

Any help appreciated! And thanks a lot!!!

[…]
!
hostname R1
!
[…]
enable secret […]
!
aaa new-model
!
aaa authentication login default local
aaa authentication login VPN local
aaa authorization exec default local
aaa authorization network VPN local
!
aaa session-id common
!
no ipv6 cef
ip source-route
ip cef
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool DHCP-1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool DHCP-2
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 8.8.8.8 8.8.4.4
!
[…]
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint […]
!
crypto pki certificate chain […]
!
username […]
!
redundancy
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPNGROUP
 key […]
 dns 8.8.8.8
 pool VPNRAPOOL
 acl VPN_SPLIT
!
crypto ipsec transform-set T1 esp-aes 256 esp-sha-hmac
!
crypto dynamic-map DYNMAP 10
 set transform-set T1
 reverse-route
!
crypto map VPN client authentication list VPN
crypto map VPN isakmp authorization list VPN
crypto map VPN client configuration address respond
crypto map VPN 10 ipsec-isakmp dynamic DYNMAP
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description WAN
 ip address 1.1.1.1 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map VPN
!
interface GigabitEthernet0/1
 description 1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
[…]
!
ip local pool VPNRAPOOL 14.0.1.100 14.0.1.200
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat pool POOL-TSG 1.1.1.2 1.1.1.2 netmask 255.255.255.240
ip nat pool POOL-Phones 1.1.1.3 1.1.1.3 netmask 255.255.255.240
[…]
ip nat inside source list 2 pool POOL-2 overload
ip nat inside source list 1 pool POOL-1 overload
[…]
ip nat inside source static udp 192.168.1.243 500 1.1.1.2 500 extendable
[…]
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip access-list extended VPN_SPLIT
 permit ip 192.168.0.0 0.0.255.255 14.0.1.0 0.0.0.255
!
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
[…]
!
control-plane
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 password […]
 transport input ssh
!
scheduler allocate 20000 1000
end

4 Replies

Jouni Forss
VIP Alumni

Hi,

I don't see a NAT0 configuration for the VPN Pool to LAN traffic. Just Dynamic PAT for 2 different LAN networks.

- Jouni

Thanks Jouni,

How do I do NAT0 on an IOS router?

Luca

Thanks for these very helpful resources...

I added some lines to the router:

access-list 110 deny ip 192.168.0.0 0.0.255.255 14.0.1.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
ip nat inside source list 110 interface GigabitEthernet0/0 overload

Still no access to the LAN and no ping responses.

On the Cisco VPN Client I can see there is traffic; enc and dec packets are increasing normally.

Any idea?

Also, this keeps popping up in the logs:

SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST)
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:DPD_ACK)
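An added example, not posted by anyone in this thread: a small Python model of the IOS inside-to-outside order of operations on Gi0/0 (NAT inside source is applied before the crypto map is consulted), using the thread's own addresses (192.168.1.0/24 LAN, 14.0.1.0/24 VPN pool, 1.1.1.1 WAN), ACL 1, ACL 110 and VPN_SPLIT. It shows why Jouni's missing "NAT0" matters: a LAN reply to a VPN client that gets PATed to 1.1.1.1 no longer matches the IPsec selector and leaves the router in the clear, while the `deny` line in ACL 110 keeps it untranslated so it is encrypted. It also evaluates the original standard ACL 1 against the same flow: being source-only it still permits the packet, so if the `list 1`/`list 2` rules remain and are tried first, the exemption in ACL 110 never gets a chance. The order in which NAT rules are tried is passed in as a parameter and is an assumption of the model, not a statement about how IOS orders them; the routing step (default route out Gi0/0, RRI route for the pool) is likewise assumed.

```python
"""Model of NAT-before-crypto on a Cisco IOS router (added example, not from the thread)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard-mask match: bits set in the wildcard are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


@dataclass(frozen=True)
class Ace:
    """One access-list entry. A standard ACL leaves dst at the 'any' default."""
    action: str            # "permit" or "deny"
    src: str
    src_wc: str
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"


def acl_permits(acl: List[Ace], src: str, dst: str) -> bool:
    """First-match evaluation with the implicit deny at the end (IOS semantics)."""
    for ace in acl:
        if wildcard_match(src, ace.src, ace.src_wc) and wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action == "permit"
    return False


# ACLs taken from the thread.
ACL_1 = [Ace("permit", "192.168.1.0", "0.0.0.255")]                     # access-list 1 (standard)
ACL_110 = [                                                             # the lines Luca added
    Ace("deny", "192.168.0.0", "0.0.255.255", "14.0.1.0", "0.0.0.255"),
    Ace("permit", "192.168.0.0", "0.0.255.255"),                        # "... any"
]
# Proxy identities the client negotiates from VPN_SPLIT: LAN <-> VPN pool.
VPN_SPLIT = [Ace("permit", "192.168.0.0", "0.0.255.255", "14.0.1.0", "0.0.0.255")]

WAN_IP = "1.1.1.1"   # Gi0/0 address, used by the "interface ... overload" PAT rule


def inside_to_outside(src: str, dst: str, nat_rules: List[List[Ace]]) -> Tuple[str, bool]:
    """Packet from an 'ip nat inside' interface leaving via Gi0/0.

    Steps modelled, in IOS order: (1) routing, assumed to pick Gi0/0 for both
    Internet destinations and the VPN pool (RRI); (2) NAT inside source, trying
    the given rule ACLs in the given order (assumed order) and PATing to WAN_IP on
    the first permit; (3) crypto map: the packet is encrypted only if its
    post-NAT header still matches the IPsec selector.
    Returns (source address on the wire, encrypted?).
    """
    translated = src
    for acl in nat_rules:
        if acl_permits(acl, src, dst):
            translated = WAN_IP
            break
    encrypted = acl_permits(VPN_SPLIT, translated, dst)
    return translated, encrypted


def diagnose(src: str, dst: str, nat_rules: List[List[Ace]]) -> str:
    """Human-readable verdict for one flow, for use at the router's vantage point."""
    wire_src, encrypted = inside_to_outside(src, dst, nat_rules)
    if encrypted:
        return f"{src}->{dst}: untranslated, matches IPsec selector, sent encrypted"
    return f"{src}->{dst}: leaves as {wire_src}, no selector match, sent in the clear"


if __name__ == "__main__":
    lan_host, vpn_client, internet = "192.168.1.10", "14.0.1.100", "8.8.8.8"
    print("original config  :", diagnose(lan_host, vpn_client, [ACL_1]))
    print("ACL 110 only     :", diagnose(lan_host, vpn_client, [ACL_110]))
    print("list 1 before 110:", diagnose(lan_host, vpn_client, [ACL_1, ACL_110]))
    print("Internet via 110 :", diagnose(lan_host, internet, [ACL_110]))
```

The third case is the check worth making after adding ACL 110: the original `ip nat inside source list 1`/`list 2` statements are still in the running config, and their standard ACLs match any LAN-sourced packet regardless of destination, so the exemption only helps if the list 110 rule is the one that actually translates LAN traffic. On the router itself the equivalent evidence is `show ip nat translations` showing entries for 14.0.1.x destinations, and `show crypto ipsec sa` showing `#pkts decaps` rising while `#pkts encaps` stays at zero.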