04-19-2010 02:59 AM
hi
i'm trying to setup an EzVPN server that will allow users to connect remotly via internet through my 2820 router
the client can connect successfully however it can only reach the router and not devices within the router subnet
crypto isakmp policy 100
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 20 10
!
crypto isakmp client configuration group easyvpn
key easyvpn
pool easyvpn
acl easyvpn
save-password
max-users 9
netmask 255.255.255.0
!
!
crypto ipsec transform-set dmvpn esp-aes esp-md5-hmac
!
crypto ipsec profile dmvpn
set transform-set dmvpn
!
!
crypto dynamic-map easyvpn 10
set transform-set dmvpn
reverse-route
!
!
crypto map easyvpn client authentication list easyvpn
crypto map easyvpn isakmp authorization list easyvpn
crypto map easyvpn client configuration address respond
crypto map easyvpn 100 ipsec-isakmp dynamic easyvpn
interface GigabitEthernet0/0
description DSL interface
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description internal interface
ip address 100.0.0.1 255.255.255.0
ip nat inside
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map easyvpn
ip local pool easyvpn 70.0.0.1 70.0.0.100
!
ip access-list extended easyvpn
permit ip 100.0.0.0 0.0.0.255 70.0.0.0 0.0.0.255
please be notifed that i can only reach the private address of the router only not the connected devices
thanks
Solved! Go to Solution.
04-19-2010 03:19 AM
Please make sure that NAT exemption is configured (you would need to deny traffic from your internal subnets towards the ip pool subnet so it doesn't get NATed).
04-19-2010 03:19 AM
Please make sure that NAT exemption is configured (you would need to deny traffic from your internal subnets towards the ip pool subnet so it doesn't get NATed).
04-19-2010 03:37 AM
i did
it's now working just fine
thanks alot
04-19-2010 10:34 AM
If you get a chance would you please post your scrubbed config so I can see the changes you made to resolve the NAT problem.
Thanks,
Steve
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide