VPN Client with a EZ VPN Server on a Router

hacabrera001 (Level 1)

Hi guys, I'm experiencing this problem. The application is still a pilot, it is not in production (yet), so can you give me a hand trying to figure out what is causing this problem?

I need to connect several remote access clients to my internal network. I'm using Cisco VPN Client 4.6.00.0045 with all those clients, and my Internet Router (a Cisco 3640 Router with IOS 12.4(1a)) as the EZ VPN Server.

I already configured my router as the EZ VPN Server, and I'm able to connect from all the clients to the EZVPN Server without any problem.

The only thing I'm concerned about is that, as soon as I connect the client to the VPN, it loses the connection to the LAN it is connected to (I know I can solve this problem with the "Allow Local LAN Access" option in both the Client and the Server). Then I try to ping the External Interface of the EZVPN Server and I get a response, then I ping the Internal Interface of the EZVPN Server and I get a response too, BUT if I try to ping one of the internal hosts (those on the EZVPN Server's LAN) I don't get any response at all, and I don't have an Internet connection either.

This is the group of commands I applied to my EZVPN Server so you can check them...

--------------------------------------------------------------------------------

aaa authentication login tme-remote-access local
crypto isakmp xauth timeout 30
crypto map vpnremotes-map client authentication list tme-remote-access
ip local pool tme-remote-pool 192.168.1.20 192.168.1.25
aaa authorization network tme-remote-access local
crypto isakmp enable
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 group 2
 exit
crypto isakmp client configuration group tme-remote-access
 key xxx
 dns X.X.X.X X.X.X.X
 domain something.com
 pool tme-remote-pool
crypto ipsec transform-set vpnremotes esp-3des esp-sha-hmac
crypto dynamic-map vpnremotes-map 1
 set transform-set vpnremotes
 reverse-route
 exit
crypto map vpnremotes-map client configuration address respond
crypto map vpnremotes-map isakmp authorization list tme-remote-access
crypto map vpnremotes-map 1 ipsec-isakmp dynamic vpnremotes-map
interface f0/0
 crypto map vpnremotes-map
 exit

--------------------------------------------------------------------------------

I really hope you guys can give me a hand...

Thank you very much!!!!

2 Replies

hacabrera001 (Level 1)

Hey guys...

I already solved 1 problem... I already have internet connection even if I'm connected to the VPN. :) I just added a couple of lines in my config.

access-list 110 permit ip 192.168.1.0 0.0.0.255 any
crypto isakmp client configuration group tme-remote-access
 key KEY01
 dns X.X.X.X X.X.X.X
 domain something.com
 pool tme-remote-pool
 --> include-local-lan <-- Just added
 --> acl 110 <-- Just added

That already solved my problem, but I still CAN'T connect to any of the hosts in my EZVPN Server's LAN Segment.

I'm pretty sure it is a problem with Split Tunneling, but I couldn't find it.

Thanks in advance.

Heriberto A. Cabrera

I think your problem comes from NAT:

Try adding this:

ip nat inside source route-map NoNat interface NextHop(or interface) overload
!
ip access-list extended No-Nat-Vpn-Client
 deny   ip IP-NET-LAN 0.255.255.255 NET-VPN 0.0.0.255
 permit ip IP-NET-LAN 0.255.255.255 any
!
! The route-map named in the nat statement was missing from the post; it
! has to exist and point at the ACL, otherwise nothing is translated at all.
route-map NoNat permit 10
 match ip address No-Nat-Vpn-Client

I can browse my network with that conf but I have problems downloading files from servers... If you have an idea... maybe I have an MTU problem... you can reach me by mail too: tanguy.pdf@wanadoo.fr
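The reply above relies on the order in which IOS processes a packet leaving the LAN: inside-to-outside NAT runs before the crypto-map check, so a LAN host's reply to a VPN client gets its source translated to the outside interface address unless the NAT route-map's ACL denies LAN-to-VPN traffic, and the translated packet no longer matches the IPsec SA. The following Python model is an added illustration, not code from the thread or from Cisco. It implements IOS wildcard-mask matching and first-match ACL evaluation, then runs one LAN reply through "NAT, then crypto" with and without the deny line. All addresses are constructed: 10.0.0.0/8 stands in for IP-NET-LAN, 192.168.1.0/24 (the thread's pool network) for NET-VPN, and 203.0.113.1 for the f0/0 address; it also assumes the client's SA protects LAN <-> client/32.

```python
"""Model of the IOS forwarding steps behind the NAT-exemption fix.
Added illustration, not Cisco code; every address below is constructed."""
import ipaddress

OUTSIDE_IP = "203.0.113.1"            # constructed f0/0 address used by 'interface ... overload' (PAT)
VPN_CLIENT = "192.168.1.20"           # first address of tme-remote-pool in the thread
PROTECTED = "10.0.0.0 0.255.255.255"  # constructed LAN, stands in for IP-NET-LAN 0.255.255.255

# The reply's NAT-exemption ACL with its placeholders filled in (constructed values)
NONAT_ACL_FIXED = """
ip access-list extended No-Nat-Vpn-Client
 deny   ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
 permit ip 10.0.0.0 0.255.255.255 any
"""

# The same ACL without the deny line: everything leaving the LAN gets translated
NONAT_ACL_BROKEN = """
ip access-list extended No-Nat-Vpn-Client
 permit ip 10.0.0.0 0.255.255.255 any
"""


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr, spec):
    """IOS wildcard match: 'any', or 'network wildcard' where 1-bits in the
    wildcard are don't-care bits (the inverse of a subnet mask)."""
    if spec == "any":
        return True
    net, wild = spec.split()
    keep = ~_ip(wild) & 0xFFFFFFFF
    return (_ip(addr) & keep) == (_ip(net) & keep)


def _parse_spec(tokens, i):
    """Read one address spec (any | host A | network wildcard) starting at tokens[i]."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return f"{tokens[i + 1]} 0.0.0.0", i + 2
    return f"{tokens[i]} {tokens[i + 1]}", i + 2


def parse_acl(text):
    """Parse the permit/deny lines of an extended ACL; the header line is skipped."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] not in ("permit", "deny"):
            continue
        src, i = _parse_spec(t, 2)
        dst, _ = _parse_spec(t, i)
        entries.append((t[0], t[1], src, dst))  # (action, protocol, src spec, dst spec)
    return entries


def acl_decision(entries, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, _proto, s, d in entries:
        if wildcard_match(src, s) and wildcard_match(dst, d):
            return action
    return "deny"


def forward_inside_to_outside(nonat_acl_text, src, dst):
    """Return (source address after NAT, matched the client's SA) for one packet leaving the LAN."""
    entries = parse_acl(nonat_acl_text)
    # Step 1: NAT. 'ip nat inside source route-map NoNat interface f0/0 overload'
    # translates exactly the packets the route-map's ACL permits.
    if acl_decision(entries, src, dst) == "permit":
        src = OUTSIDE_IP
    # Step 2: crypto map, evaluated on the already-translated packet. The SA is assumed
    # to protect PROTECTED <-> VPN_CLIENT/32, so a translated source falls outside it
    # (and even under a wider selector the client would see a reply from the wrong host).
    encrypted = wildcard_match(src, PROTECTED) and dst == VPN_CLIENT
    return src, encrypted


if __name__ == "__main__":
    for label, acl in (("without deny line", NONAT_ACL_BROKEN), ("with deny line", NONAT_ACL_FIXED)):
        print(label, forward_inside_to_outside(acl, "10.0.0.5", VPN_CLIENT))
```

Run as a script it prints the two outcomes for a LAN host answering the client: without the deny line the reply leaves with source 203.0.113.1 and is not encrypted, with it the reply keeps 10.0.0.5 and matches the SA. Internet-bound traffic from the LAN is still translated in both cases, which is what the trailing permit line is for.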