05-12-2020 04:47 PM - edited 05-12-2020 09:02 PM
Hi guys,
I have troubles with creating a working VPN. When I try to connect to the router I got the "Connection time out" error. Could someone check my configuration and tell me what is wrong? I can ping that router no problem but just cant connect to VPN.
BIG THANKS!
Current configuration : 3263 bytes ! version 15.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Router ! ! ! ! ip dhcp excluded-address 10.0.40.1 ip dhcp excluded-address 10.0.30.1 ip dhcp excluded-address 10.0.20.1 ip dhcp excluded-address 10.0.10.1 ! ip dhcp pool Kamery network 10.0.10.0 255.255.255.0 default-router 192.168.1.2 ip dhcp pool KameryCzujniki network 10.0.20.0 255.255.255.0 default-router 192.168.1.2 ip dhcp pool Siec network 10.0.30.0 255.255.255.0 default-router 10.0.30.1 dns-server 8.8.8.8 ip dhcp pool AP network 10.0.40.0 255.255.255.0 default-router 10.0.40.1 dns-server 8.8.8.8 ! ! aaa new-model ! aaa authentication login abc1 local ! ! aaa authorization network GroupVPN local aaa authorization network abc2 local ! ! ! ! ! no ip cef no ipv6 cef ! ! ! username admin password 0 admin ! ! license udi pid CISCO1941/K9 sn FTX1524S3Q0- license boot module c1900 technology-package securityk9 ! ! ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 ! ! ! crypto isakmp client configuration group cisco key cisco123 pool VPNPOOL ! ! crypto ipsec transform-set set1 esp-3des esp-md5-hmac ! crypto dynamic-map map1 10 set transform-set set1 reverse-route ! crypto map map1 client authentication list abc1 crypto map map1 isakmp authorization list abc2 crypto map map1 client configuration address respond crypto map map1 10 ipsec-isakmp dynamic map1 ! ! ! ! ! ! spanning-tree mode pvst ! ! ! ! ! ! interface GigabitEthernet0/0 no ip address duplex auto speed auto crypto map map1 ! interface GigabitEthernet0/0.10 encapsulation dot1Q 10 ip address 10.0.10.1 255.255.255.0 ip access-group Kamery out ! interface GigabitEthernet0/0.20 encapsulation dot1Q 20 ip address 10.0.20.1 255.255.255.0 ip access-group Czujniki out ! interface GigabitEthernet0/0.30 encapsulation dot1Q 30 ip address 10.0.30.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/0.40 encapsulation dot1Q 40 ip address 10.0.40.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ! interface GigabitEthernet0/0/0 ip address 203.1.1.2 255.255.255.0 ip nat outside crypto map map1 ! interface Vlan1 no ip address shutdown ! router rip network 203.1.1.0 ! ip local pool VPNPOOL 192.168.1.10 192.168.1.25 ip nat pool NAT 203.1.1.3 203.1.1.5 netmask 255.255.255.0 ip nat inside source list 1 pool NAT ip classless ! ip flow-export version 9 ! ! ip access-list extended Kamery deny ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255 deny ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255 deny ip 10.0.40.0 0.0.0.255 10.0.10.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 10.0.10.0 0.0.0.255 permit ip 10.0.10.0 0.0.0.255 10.0.10.0 0.0.0.255 deny ip any any ip access-list extended Czujniki deny ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 deny ip 10.0.30.0 0.0.0.255 10.0.20.0 0.0.0.255 deny ip 10.0.40.0 0.0.0.255 10.0.20.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 10.0.20.0 0.0.0.255 permit ip 10.0.20.0 0.0.0.255 10.0.20.0 0.0.0.255 deny ip any any access-list 1 permit 10.0.30.0 0.0.0.255 access-list 1 permit 10.0.40.0 0.0.0.255 ! ! ! ! ! ! line con 0 ! line aux 0 ! line vty 0 4 ! ! ! end
It will be great help, thanks!
05-12-2020 08:25 PM - edited 05-12-2020 09:02 PM
I got it working somehow but now I cant apply crypto map to GigabitEthernet0/0.40 and GigabitEthernet0/0.30 cause there is no option like crypto map in subif.
Im trying to do that cause I cant connect to VPN from internal/home network. When I try it in simulation I got error
The Receiving port is not configured with crypto map command.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide