06-06-2003 06:29 PM - edited 02-21-2020 12:35 PM
--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --
Hi,
I have a Cisco 2650XM running an IPsec IOS image. I configured VPN client authentication with local authentication. The IPsec tunnel is established, but I can't ping from the router to my VPN client (Windows 2000 with VPN Client 4.0). If someone can help me, I express my gratitude.
Best Regards
Joao Medeiros
SH RUN
Current configuration : 8092 bytes
!
! Last configuration change at 09:09:04 GMT Tue Mar 2 1993 by lordz
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router_vpn_fns
!
boot system flash c2600-ik9o3s-mz.122-11.T.bin
aaa new-model
!
!
aaa authentication login default local
aaa authorization network default local
aaa session-id common
!
clock timezone GMT -3
voice-card 0
dspfarm
!
ip subnet-zero
no ip source-route
ip cef
!
!
no ip domain lookup
ip domain name agm-tele.com
ip name-server 192.168.10.1
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh port 2000 rotary 1
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 110
authentication pre-share
lifetime 10000
!
crypto isakmp policy 130
authentication pre-share
lifetime 10000
crypto isakmp key xxx address xxx.xxx.76.22
crypto isakmp key xxx address yyy.yyy.149.190
!
crypto isakmp client configuration group xlordz
key cisco123
dns 192.168.10.1
domain agm-tele.com
pool ldz-pool
acl 108
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set agmipsec_gyn esp-3des esp-sha-hmac
crypto ipsec transform-set agmipsec_poa esp-3des esp-sha-hmac
crypto ipsec transform-set ldz-set esp-3des esp-sha-hmac
!
crypto dynamic-map ldz_dynmap 10
set transform-set ldz-set
!
!
crypto map ldz_map client authentication list default
crypto map ldz_map isakmp authorization list default
crypto map ldz_map client configuration address respond
crypto map ldz_map 10 ipsec-isakmp dynamic ldz_dynmap
!
crypto map agmmap_gyn local-address Serial0/0
crypto map agmmap_gyn 1 ipsec-isakmp
set peer xxx.xxx.76.22
set transform-set agmipsec_gyn
set pfs group2
match address 120
qos pre-classify
crypto map agmmap_gyn 2 ipsec-isakmp
set peer yyy.yyy.149.190
set transform-set agmipsec_poa
set pfs group2
match address 130
!
!
!
voice call carrier capacity active
!
voice class codec 1
codec preference 1 g729r8 bytes 60
codec preference 2 g711alaw
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
controller E1 0/1
mode cas
framing NO-CRC4
line-termination 75-ohm
ds0-group 0 timeslots 1-15,17 type r2-digital r2-compelled ani
ds0-group 1 timeslots 18-31 type r2-digital r2-compelled ani
cas-custom 0
country brazil
metering
answer-signal group-b 1
cas-custom 1
country brazil
metering
answer-signal group-b 1
!
!
!
!
interface FastEthernet0/0
ip address 192.168.15.1 255.255.255.0 secondary
ip address 192.168.7.1 255.255.255.0 secondary
ip address 192.168.10.10 255.255.255.0
ip nbar protocol-discovery
load-interval 30
speed auto
full-duplex
priority-group 1
no cdp enable
!
interface Serial0/0
bandwidth 512
ip address 200.193.103.154 255.255.255.252
ip nbar protocol-discovery
encapsulation frame-relay IETF
load-interval 30
priority-group 1
frame-relay interface-dlci 507
frame-relay lmi-type ansi
crypto map ldz_map
!
interface FastEthernet0/1
no ip address
ip nbar protocol-discovery
load-interval 30
shutdown
duplex auto
speed auto
no cdp enable
!
ip local pool ldz-pool 192.168.10.3 192.168.10.5
ip classless
ip route 0.0.0.0 0.0.0.0 200.193.103.153
ip route 192.168.20.0 255.255.255.0 xxx.xxx.76.22
ip route 192.168.25.0 255.255.255.0 xxx.xxx.76.22
ip route 192.168.30.0 255.255.255.0 yyy.yyy.149.190
ip route 192.168.35.0 255.255.255.0 yyy.yyy.149.190
ip route vvv.vvv.17.152 255.255.255.248 192.168.10.1
ip http server
ip pim bidir-enable
!
!
ip access-list extended dns-servers
ip access-list extended key-exchange
!
access-list 1 permit 192.168.10.44 log
access-list 1 permit 192.168.10.2 log
access-list 1 permit 192.168.10.1 log
access-list 1 permit vvv.vvv.17.154 log
access-list 108 permit ip any 192.168.10.0 0.0.0.255 log
access-list 108 permit ip any any log
access-list 120 permit ip any 192.168.20.0 0.0.0.255 log
access-list 120 permit ip any 192.168.25.0 0.0.0.255 log
access-list 120 permit ip any host xxx.xxx.76.22 log
access-list 120 deny ip any any log
access-list 130 permit ip any 192.168.30.0 0.0.0.255 log
access-list 130 permit ip any 192.168.35.0 0.0.0.255 log
access-list 130 permit ip any host yyy.yyy.149.190 log
access-list 130 deny ip any any log
access-list 140 deny udp 192.168.20.0 0.0.0.255 any range netbios-ns netbios-ss log
access-list 140 deny udp 192.168.25.0 0.0.0.255 any range netbios-ns netbios-ss log
access-list 140 deny udp 192.168.30.0 0.0.0.255 any range netbios-ns netbios-ss log
access-list 140 deny udp 192.168.35.0 0.0.0.255 any range netbios-ns netbios-ss log
access-list 140 deny tcp 192.168.20.0 0.0.0.255 any range 137 139 log
access-list 140 deny tcp 192.168.25.0 0.0.0.255 any range 137 139 log
access-list 140 deny tcp 192.168.30.0 0.0.0.255 any range 137 139 log
access-list 140 deny tcp 192.168.35.0 0.0.0.255 any range 137 139 log
access-list 140 deny tcp 192.168.20.0 0.0.0.255 any eq 5900 log
access-list 140 deny tcp 192.168.25.0 0.0.0.255 any eq 5900 log
access-list 140 deny tcp 192.168.30.0 0.0.0.255 any eq 5900 log
access-list 140 deny tcp 192.168.35.0 0.0.0.255 any eq 5900 log
access-list 140 permit ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
snmp-server community xxxxxxxxxx
snmp-server enable traps tty
call rsvp-sync
!
voice-port 0/1:0
!
voice-port 0/1:1
!
no mgcp timer receive-rtcp
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 2 0
logging synchronous
length 50
line aux 0
exec-timeout 0 10
no exec
line vty 0 4
access-class 1 in
transport input telnet ssh
!
ntp master
!
end
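Before reloading anything, a reviewer would run a few static checks over the configuration above, because the symptom (tunnel up, router cannot ping the client) is consistent with what the config shows: the client pool 192.168.10.3-5 lies inside the FastEthernet0/0 subnet 192.168.10.0/24, so the router has a connected route for the client address and ARPs for it on the LAN instead of sending it into the tunnel; the dynamic map has no reverse-route, so no host route toward the tunnel is injected; the site-to-site map agmmap_gyn is never applied to any interface (only ldz_map is, on Serial0/0, and IOS takes one crypto map set per interface); and split-tunnel ACL 108 ends in permit ip any any. The following Python checker is an added example for this thread, not code from the original post or from Cisco. It runs over a constructed excerpt of the posted config with IOS indentation restored and peers and keys omitted; the check names and the finding wording are the example's own.

```python
# Added example: static checks for the Easy VPN / crypto-map problems visible
# in the posted IOS config.  Assumes IOS-style indentation (one space before
# sub-commands) and that a crypto map is "applied" only via an interface line.
import ipaddress
import re

# Constructed excerpt of the config above, re-indented; peers and keys omitted.
CONFIG = """\
crypto isakmp client configuration group xlordz
 pool ldz-pool
 acl 108
crypto dynamic-map ldz_dynmap 10
 set transform-set ldz-set
crypto map ldz_map 10 ipsec-isakmp dynamic ldz_dynmap
crypto map agmmap_gyn 1 ipsec-isakmp
crypto map agmmap_gyn 2 ipsec-isakmp
interface FastEthernet0/0
 ip address 192.168.15.1 255.255.255.0 secondary
 ip address 192.168.7.1 255.255.255.0 secondary
 ip address 192.168.10.10 255.255.255.0
interface Serial0/0
 ip address 200.193.103.154 255.255.255.252
 crypto map ldz_map
ip local pool ldz-pool 192.168.10.3 192.168.10.5
access-list 108 permit ip any 192.168.10.0 0.0.0.255 log
access-list 108 permit ip any any log
"""


def interface_subnets(config):
    """(interface, network) for every 'ip address A M' line, secondaries included."""
    nets, iface = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split()[1]
        elif iface and line.startswith(" ip address "):
            addr, mask = line.split()[2:4]
            nets.append((iface, ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)))
        elif line and not line.startswith(" "):
            iface = None  # left the interface block
    return nets


def pool_overlaps(config):
    """Client pools inside a directly connected subnet.  The router then ARPs
    for the client address on the LAN and the packet never reaches the crypto
    map; move the pool off the LAN or add reverse-route to the dynamic map."""
    hits = []
    for m in re.finditer(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M):
        lo, hi = ipaddress.IPv4Address(m.group(2)), ipaddress.IPv4Address(m.group(3))
        for iface, net in interface_subnets(config):
            if lo in net or hi in net:
                hits.append((m.group(1), iface, str(net)))
    return hits


def unapplied_crypto_maps(config):
    """Crypto maps with ipsec-isakmp entries that no interface carries.  IOS
    takes one crypto map set per interface, so such a map does nothing."""
    defined = set(re.findall(r"^crypto map (\S+) \d+ ipsec-isakmp", config, re.M))
    applied = set(re.findall(r"^ crypto map (\S+)$", config, re.M))
    return sorted(defined - applied)


def dynamic_maps_without_rri(config):
    """Dynamic maps lacking 'reverse-route' (no per-client host routes)."""
    has_rri, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto dynamic-map (\S+) \d+", line)
        if m:
            cur = m.group(1)
            has_rri.setdefault(cur, False)
        elif cur and line.strip() == "reverse-route":
            has_rri[cur] = True
        elif line and not line.startswith(" "):
            cur = None
    return [name for name, ok in has_rri.items() if not ok]


def full_tunnel_split_acls(config):
    """Split-tunnel ACLs (group 'acl N') containing 'permit ip any any':
    every client packet is tunnelled, so the split list buys nothing."""
    acls = set(re.findall(r"^ acl (\d+)", config, re.M))
    return sorted(n for n in acls
                  if re.search(rf"^access-list {n} permit ip any any", config, re.M))


def audit(config):
    """Run every check and return one finding string per problem."""
    findings = []
    for name, iface, net in pool_overlaps(config):
        findings.append(f"pool {name} overlaps {iface} subnet {net}")
    for name in unapplied_crypto_maps(config):
        findings.append(f"crypto map {name} is defined but applied to no interface")
    for name in dynamic_maps_without_rri(config):
        findings.append(f"dynamic map {name} has no reverse-route")
    for acl in full_tunnel_split_acls(config):
        findings.append(f"split-tunnel acl {acl} permits ip any any")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

Run against the excerpt it reports all four findings. The pool overlap is the one most directly tied to the symptom in the question; the unapplied agmmap_gyn map means the two site-to-site tunnels cannot come up at all on this configuration and would have to be merged into the map that is actually on Serial0/0.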
06-16-2003 05:49 AM
Hi,
If you are not disturbing the production network much, just try reloading the 2650.
This works at times!!
Regards,
Nikh.