Routing problem with IOS VPN <-> CVPN client - Cisco Community

369

Views

0

Helpful

1

Replies

topology

CVPN on winxp --> 1600 w/ NAT&DHCP --> internet <--> IOS VPN on 2600.

I am able to est the tunnel over the NAT however I can not reach host or networks beyond or on the VPN router.

here is my VPN config:

username VPN_CLIENT password xxxxx

aaa new-model

!

aaa authentication login VPNCLIENTS local

aaa authorization network VPNCLIENTS local

aaa session-id common

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration address-pool local VPN_POOL

!

crypto isakmp client configuration group VPN_CLIENT

key xxxx

pool VPN_POOL

!

crypto ipsec transform-set VPN_CLIENT esp-3des esp-sha-hmac

no crypto ipsec nat-transparency udp-encaps

!

crypto dynamic-map VPN_DYNAMIC 1

set transform-set VPN_CLIENT

reverse-route

!

crypto map VPN_CLIENT client authentication list VPNCLIENTS

crypto map VPN_CLIENT isakmp authorization list VPNCLIENTS

crypto map VPN_CLIENT client configuration address respond

crypto map VPN_CLIENT 1 ipsec-isakmp dynamic VPN_DYNAMIC

!

interface FastEthernet0/0

ip address 10.202.151.xxx 255.255.255.224

speed 100

full-duplex

!

interface FastEthernet0/1

ip address 64.60.42.xxx 255.255.255.0

speed 100

full-duplex

crypto map VPN_CLIENT

!

router eigrp 75

passive-interface FastEthernet0/1

network 10.0.0.0

distribute-list 10 in

no auto-summary

!

ip local pool VPN_POOL 192.168.200.1 192.168.200.10

ip route 0.0.x.x.x.x.0 64.60.42.1

1 Reply 1

Try setting up RIP V2 instead of EIGRP on the inside interface of the concentrator and check the status.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community