02-12-2003 07:19 PM - edited 02-21-2020 12:21 PM
Hi,
I am having trouble with this configuration. I can create the tunnel OK, but from the client I cannot ping devices on the LAN (e.g. 192.168.0.20) or the inside interface of the router (192.168.0.1), or vice versa.
I have tried about 1000 variations of this and I am still not getting anywhere. Any ideas?
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
enable password xxxxx (moderator edit)
!
username xxxx password xxxxxx (moderator edit)
memory-size iomem 25
ip subnet-zero
!
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 3000client
key cisco123
dns 14.1.1.10
wins 14.1.1.20
domain cisco.com
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface Ethernet0
description connected to Internet
ip address 200.0.0.1
no ip proxy-arp
ip nat outside
half-duplex
crypto map clientmap
!
interface FastEthernet0
description connected to EthernetLAN
ip address 192.168.0.1 255.255.255.0
no ip proxy-arp
ip nat inside
speed auto
!
ip local pool ippool 192.168.1.100 192.168.1.200
ip nat inside source route-map nonat interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.0.0.2
no ip http server
ip pim bidir-enable
!
!
access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
route-map nonat permit 10
match ip address 101
!
!
line con 0
session-timeout 3
exec-timeout 0 0
password 7 13161F1D1B1C013838
line aux 0
line vty 0 4
session-timeout 3
password 7 10440C1F03
!
no scheduler allocate
end
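As an added example (not code from the thread or from Cisco), here is a small Python script that parses an excerpt of the config posted above and checks the usual configuration causes of an Easy VPN tunnel that comes up but passes no traffic: the LAN-to-pool traffic not being exempted from NAT by the route-map ACL, the crypto map not being bound to the outside interface, a client pool carved out of the LAN while proxy-ARP is disabled on the inside interface, and an interface address line pasted without a mask. The excerpt is a constructed copy of the values in the post; the parser assumes the un-indented paste style of the thread, where a block ends at the next "!" line.

```python
"""Added example (not from the thread): static checks for an IOS Easy VPN
server config that brings the tunnel up but passes no traffic."""
import ipaddress

# Constructed excerpt of the config posted above; values match the thread,
# including the Ethernet0 'ip address' line that was pasted without a mask.
SAMPLE_CONFIG = """
interface Ethernet0
ip address 200.0.0.1
no ip proxy-arp
ip nat outside
crypto map clientmap
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
no ip proxy-arp
ip nat inside
!
ip local pool ippool 192.168.1.100 192.168.1.200
ip nat inside source route-map nonat interface Ethernet0 overload
!
access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
route-map nonat permit 10
match ip address 101
"""


def _wildcard_to_network(addr, wildcard):
    """Turn an IOS 'network wildcard' pair into an ip_network."""
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(mask)}", strict=False)


def _take_address(fields):
    """Consume one ACL address spec: 'any' or 'network wildcard'."""
    if fields[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), fields[1:]
    return _wildcard_to_network(fields[0], fields[1]), fields[2:]


def parse_config(text):
    """Minimal parser for the pieces of running-config the checks need.
    Blocks (interface, route-map) are assumed to end at the next '!' line,
    as in the un-indented paste above."""
    cfg = {"interfaces": {}, "pools": {}, "acls": {}, "route_maps": {}, "nat_route_map": None}
    block = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            block = None
            continue
        if words[0] == "interface":
            block = ("interface", words[1])
            cfg["interfaces"][words[1]] = {"address": None, "mask": None, "nat": None,
                                           "crypto_map": None, "proxy_arp": True}
        elif words[0] == "route-map":
            block = ("route-map", words[1])
            cfg["route_maps"].setdefault(words[1], [])
        elif block and block[0] == "interface":
            intf = cfg["interfaces"][block[1]]
            if words[:2] == ["ip", "address"]:
                intf["address"] = words[2]
                intf["mask"] = words[3] if len(words) > 3 else None
            elif words[:2] == ["ip", "nat"]:
                intf["nat"] = words[2]              # "inside" or "outside"
            elif words[:2] == ["crypto", "map"]:
                intf["crypto_map"] = words[2]
            elif words[:3] == ["no", "ip", "proxy-arp"]:
                intf["proxy_arp"] = False
        elif block and block[0] == "route-map":
            if words[:3] == ["match", "ip", "address"]:
                cfg["route_maps"][block[1]].extend(words[3:])
        elif words[:3] == ["ip", "local", "pool"]:
            cfg["pools"][words[3]] = (ipaddress.IPv4Address(words[4]),
                                      ipaddress.IPv4Address(words[5]))
        elif words[:4] == ["ip", "nat", "inside", "source"] and "route-map" in words:
            cfg["nat_route_map"] = words[words.index("route-map") + 1]
        elif words[0] == "access-list" and len(words) > 4 and words[3] == "ip":
            src, rest = _take_address(words[4:])
            dst, _ = _take_address(rest)
            cfg["acls"].setdefault(words[1], []).append((words[2], src, dst))
    return cfg


def acl_action(entries, src, dst):
    """First-match evaluation of an extended ACL, with the implicit deny."""
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def check_config(text):
    """Return named findings; True means the check passed."""
    cfg = parse_config(text)
    inside = next(i for i in cfg["interfaces"].values() if i["nat"] == "inside")
    outside = next(i for i in cfg["interfaces"].values() if i["nat"] == "outside")
    lan = ipaddress.ip_network(f"{inside['address']}/{inside['mask']}", strict=False)
    pool_start, pool_end = next(iter(cfg["pools"].values()))
    pool_in_lan = pool_start in lan or pool_end in lan
    # A LAN host's reply to a VPN client must hit a deny in the NAT route-map ACL;
    # otherwise it is translated to the outside address and never enters the tunnel.
    entries = [e for acl in cfg["route_maps"].get(cfg["nat_route_map"], [])
               for e in cfg["acls"].get(acl, [])]
    verdict = acl_action(entries, lan.network_address + 20, pool_start)  # 192.168.0.20 -> client
    return {
        "vpn_traffic_exempt_from_nat": verdict == "deny",
        "crypto_map_on_outside": outside["crypto_map"] is not None,
        # A pool carved out of the LAN needs proxy-ARP on the inside interface.
        "pool_reachable_from_lan": (not pool_in_lan) or inside["proxy_arp"],
        "outside_address_has_mask": outside["mask"] is not None,
    }


if __name__ == "__main__":
    for name, ok in check_config(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Run against the posted values, the NAT exemption, crypto map binding and pool placement all pass; the only finding is the Ethernet0 address line without a mask, which is most likely a paste artifact. When these checks pass and the IPsec SA counters still show nothing being encrypted or decrypted, the problem is not in this part of the config.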
02-13-2003 11:02 AM
Hi,
How is the client connecting to the Internet?
Once the client makes a successful connection and tries to access something on 192.168.0.x/24, can you look at the client statistics to see whether the packets are getting encrypted or not? If they are encrypted, look at the IPsec SA on the router to see if the router is decrypting the packets; this should point you in the right direction.
Regards,
Arul
02-13-2003 11:07 AM
Thanks Arul,
I checked that initially, it basically looked like packets would not encrypt from either side. I just figured this out about 10 minutes ago. I upgraded my IOS in the 1710 to the latest and it now works.