
REMOTE ACCESS VPN

Sumesh N.S
Level 1

 

Hi

The following is my scenario, and I am trying to do remote access VPN. I am able to connect to the Cisco router from the VPN client, but I am not able to ping the LAN PC from the VPN client PC.

VPN CLIENT PC--------------------------------ROUTER---------------------------LAN PC
                            172.30.1.0/24                               10.0.1.0/24

 

The following is my configuration:

 

crypto isakmp enable

crypto isakmp policy 110
encryption 3des
hash md5
authentication pre-share
group 2
exit

crypto isakmp identity address

crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
exit

 

ip access-list extended SPLIT
permit ip 10.0.1.0 0.0.0.255 any 
exit

ip local pool Remote-Pool 10.0.1.100 10.0.1.150

aaa new-model
aaa authorization network vpn-group local
aaa authentication login vpn-users local
exit


username cisco password cisco

crypto isakmp client configuration group R6
key VPNKEY
pool Remote-Pool
acl SPLIT
exit


crypto dynamic-map dmap 10
set transform-set myset
reverse-route
exit


crypto map mymap client configuration address respond

crypto map mymap isakmp authorization list vpn-group


crypto map mymap client authentication list vpn-users
crypto map mymap 65535 ipsec-isakmp dynamic dmap


int f0/1
crypto map mymap
exit

 

 

 

 

 

 


Marvin Rhoads
Hall of Fame

Have you exempted the VPN traffic from any NAT policy?

 

No, I did not configure any NAT in this lab.

Hi,

Do you see the IPsec SA with encrypts and decrypts on the router?

show cry ips sa peer <client public ip>

Does the PC have a return route to the VPN pool?

HTH

Abaji.
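
Added example (not part of the thread and not Cisco tooling): a Python check that reads the encaps/decaps counters from `show crypto ipsec sa` output, the counters the last reply asks about, and reports which direction of the tunnel is carrying traffic. The sample output, the peer addresses and the labels returned by the hypothetical `diagnose` helper are constructed for illustration.

```python
import re

# Constructed sample, shaped like IOS `show crypto ipsec sa` output.
# Addresses and counter values are made up for the example.
SAMPLE = """\
   current_peer 172.30.1.50 port 500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 42, #pkts decrypt: 42, #pkts verify: 42
   current_peer 172.30.1.51 port 500
    #pkts encaps: 17, #pkts encrypt: 17, #pkts digest: 17
    #pkts decaps: 19, #pkts decrypt: 19, #pkts verify: 19
"""

PEER = re.compile(r"current_peer (\S+)")
COUNTER = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_sas(text):
    """Return one dict per SA block: peer address, encaps and decaps counts."""
    sas = []
    for line in text.splitlines():
        peer = PEER.search(line)
        if peer:
            sas.append({"peer": peer.group(1), "encaps": 0, "decaps": 0})
        elif sas:
            for name, value in COUNTER.findall(line):
                sas[-1][name] = int(value)
    return sas

def diagnose(sa):
    """Classify which direction of the tunnel is carrying traffic."""
    enc, dec = sa["encaps"], sa["decaps"]
    if dec and not enc:
        # Client packets arrive and decrypt, but no replies enter the tunnel:
        # check the LAN host's route back to the VPN pool and NAT exemption.
        return "return-path"
    if enc and not dec:
        # Router encrypts toward the client but receives nothing from it.
        return "inbound-path"
    if not enc and not dec:
        # No traffic in either direction: the client is not sending into the tunnel.
        return "no-traffic"
    return "bidirectional"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa["peer"], sa["encaps"], sa["decaps"], diagnose(sa))
```

Capture the command output while a ping from the VPN client is running, so the counters reflect that traffic.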