Problem with VPN configuration Router 1914

Kapsztajn
Level 1

Hi guys,

I'm having trouble creating a working VPN. When I try to connect to the router I get the "Connection time out" error. Could someone check my configuration and tell me what is wrong? I can ping that router no problem, but I just can't connect to the VPN.

BIG THANKS!

Current configuration : 3263 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
ip dhcp excluded-address 10.0.40.1
ip dhcp excluded-address 10.0.30.1
ip dhcp excluded-address 10.0.20.1
ip dhcp excluded-address 10.0.10.1
!
ip dhcp pool Kamery
 network 10.0.10.0 255.255.255.0
 default-router 192.168.1.2
ip dhcp pool KameryCzujniki
 network 10.0.20.0 255.255.255.0
 default-router 192.168.1.2
ip dhcp pool Siec
 network 10.0.30.0 255.255.255.0
 default-router 10.0.30.1
 dns-server 8.8.8.8
ip dhcp pool AP
 network 10.0.40.0 255.255.255.0
 default-router 10.0.40.1
 dns-server 8.8.8.8
!
!
aaa new-model
!
aaa authentication login abc1 local 
!
!
aaa authorization network GroupVPN local
aaa authorization network abc2 local
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username admin password 0 admin
!
!
license udi pid CISCO1941/K9 sn FTX1524S3Q0-
license boot module c1900 technology-package securityk9
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
!
!
crypto isakmp client configuration group cisco
 key cisco123
 pool VPNPOOL
!
!
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
!
crypto dynamic-map map1 10
 set transform-set set1 
 reverse-route
!
crypto map map1 client authentication list abc1
crypto map map1 isakmp authorization list abc2
crypto map map1 client configuration address respond
crypto map map1 10 ipsec-isakmp dynamic map1
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 crypto map map1
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 ip access-group Kamery out
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
 ip access-group Czujniki out
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 10.0.40.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 ip address 203.1.1.2 255.255.255.0
 ip nat outside
 crypto map map1
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 network 203.1.1.0
!
ip local pool VPNPOOL 192.168.1.10 192.168.1.25
ip nat pool NAT 203.1.1.3 203.1.1.5 netmask 255.255.255.0
ip nat inside source list 1 pool NAT
ip classless
!
ip flow-export version 9
!
!
ip access-list extended Kamery
 deny ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny ip 10.0.40.0 0.0.0.255 10.0.10.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 10.0.10.0 0.0.0.255
 permit ip 10.0.10.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny ip any any
ip access-list extended Czujniki
 deny ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255
 deny ip 10.0.30.0 0.0.0.255 10.0.20.0 0.0.0.255
 deny ip 10.0.40.0 0.0.0.255 10.0.20.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 10.0.20.0 0.0.0.255
 permit ip 10.0.20.0 0.0.0.255 10.0.20.0 0.0.0.255
 deny ip any any
access-list 1 permit 10.0.30.0 0.0.0.255
access-list 1 permit 10.0.40.0 0.0.0.255
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
!
!
!
end

It would be a great help, thanks!

1 Reply

Kapsztajn
Level 1

I got it working somehow, but now I can't apply the crypto map to GigabitEthernet0/0.40 and GigabitEthernet0/0.30 because there is no option like crypto map on a subinterface.

I'm trying to do that because I can't connect to the VPN from the internal/home network. When I try it in simulation I get this error:

The Receiving port is not configured with crypto map command.
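
An added example, not part of the original thread: a short Python script that parses IOS-style interface stanzas and lists which addressed interfaces carry a `crypto map` statement, the condition named in the error message quoted above. The function names are hypothetical, and the sample input is an excerpt constructed from the interface sections of the configuration posted in this thread.

```python
import re

# Constructed sample: interface stanzas excerpted from the configuration posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 no ip address
 crypto map map1
!
interface GigabitEthernet0/0.30
 ip address 10.0.30.1 255.255.255.0
!
interface GigabitEthernet0/0.40
 ip address 10.0.40.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0/0
 ip address 203.1.1.2 255.255.255.0
 crypto map map1
!
"""

def parse_interfaces(config):
    """Return {interface name: {"ip": ..., "crypto_map": ...}} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), {"ip": None, "crypto_map": None})
        elif not line.startswith(" "):
            current = None  # "!" or any global command ends the stanza
        elif current is not None:
            cmd = line.strip()
            if m := re.match(r"ip address (\S+) \S+$", cmd):  # "no ip address" does not match
                current["ip"] = m.group(1)
            elif m := re.match(r"crypto map (\S+)$", cmd):
                current["crypto_map"] = m.group(1)
    return interfaces

def crypto_map_coverage(config):
    """Split addressed interfaces into those with and without a crypto map applied."""
    covered, uncovered = [], []
    for name, state in parse_interfaces(config).items():
        if state["ip"]:
            (covered if state["crypto_map"] else uncovered).append(name)
    return covered, uncovered

if __name__ == "__main__":
    print(crypto_map_coverage(SAMPLE_CONFIG))
```

On this excerpt only GigabitEthernet0/0/0 has both an IP address and the crypto map; the map on GigabitEthernet0/0 sits on a parent interface with no address, and the addressed interfaces behind it carry none.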