VPN Config not working (Please Help)

Austin54757
Level 1

I'm trying to set up a VPN connection and have to use an older router (2821), so some devices will be using the old VPN client and others will use AnyConnect. I assume this config and device support both, just an older version of AnyConnect. I need help with this config (pasted below); I followed these guides to put it together. I did make a previous post, but nothing suggested worked or I did it incorrectly.

 

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html

 

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/941-cisco-router-vpn-client-acls.html

 

Network:

The network is the client (home IP) -> vpn client that will give 10.100.1.0/24 IP -> through VPN router gateway (public IP) -> LAN interface assigned to a virtual template for NAT -> File Server on a 192.168.1.0/24 address 

 

Config: 

<RouterHostname>(config)#do show run
Building configuration...

Current configuration : 3617 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname <RouterHostname>
!
boot-start-marker
boot-end-marker
!
enable password <Enable password>
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login VpnAuth local
aaa authentication login sslvpn local
aaa authorization network VpnGroup local
!
aaa session-id common
!
resource policy
!
!
!
ip cef
!
!
no ip domain lookup
ip ssh version 2
!
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username <admin account> secret 5 $1$jX2p$ZGysnIzhw2JdScJV8NH7Z1
username <VPN connector account> secret 5 $1$NCm7$J4gATM7.A/HEAshf0l.9q.
!
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes 256
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group ClientVpn
key <key>
dns 192.168.1.160
pool VPN-Pool
acl 120
max-users 5
crypto isakmp profile VpnIkeProfile1
match identity group ClientVpn
client authentication list VpnAuth
isakmp authorization list VpnGroup
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set VpnTransformSet esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VpnProfile1
set transform-set VpnTransformSet
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1
description outside
ip address <PUBLIC IP AND SUBNET MASK>
duplex auto
speed auto
!
interface Virtual-Template2 type tunnel
ip unnumbered GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VpnProfile1
!
interface Virtual-Template3 type tunnel
ip unnumbered GigabitEthernet0/0
ip access-group 121 in
tunnel mode ipsec ipv4
tunnel protection ipsec profile VpnProfile1
!
ip local pool VPN-Pool 10.100.1.20 10.100.1.40 <- example range
!
!
ip http server
no ip http secure-server
!
access-list 1 permit 0.0.0.2 255.255.255.128
access-list 100 remark DenyNATForVPNClients
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.100.1.0 0.0.0.255
access-list 100 remark
access-list 100 remark InternetNat
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 remark CiscoVpnFileServer
access-list 110 permit ip host 192.168.1.162 any
access-list 110 remark
access-list 120 remark CiscoVPNUsers
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.100.1.0 0.0.0.255
access-list 121 remark VTemplate3RestrictToFileServerPorts
access-list 121 permit tcp any host 192.168.1.162 eq www
access-list 121 permit tcp any host 192.168.1.162 eq 1433
access-list 121 permit tcp any host 192.168.1.162 eq 443
access-list 121 permit tcp any host 192.168.1.162 eq domain
access-list 121 permit udp any host 192.168.1.162 eq domain
access-list 121 permit udp any host 192.168.1.162 eq 135
access-list 121 permit udp any host 192.168.1.162 eq 136
access-list 121 permit udp any host 192.168.1.162 eq netbios-ns
access-list 121 permit udp any host 192.168.1.162 eq netbios-dgm
access-list 121 permit udp any host 192.168.1.162 eq netbios-ss
access-list 121 permit tcp any host 192.168.1.162 eq 139
access-list 121 permit tcp any host 192.168.1.162 eq 138
access-list 121 permit tcp any host 192.168.1.162 eq 137
access-list 121 permit tcp any host 192.168.1.162 eq 136
access-list 121 permit tcp any host 192.168.1.162 eq 135
access-list 121 deny ip any any
access-list 121 remark
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 1 in
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
!
end
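As an added example (not part of the post, and not Cisco code): a small Python audit that reads an IOS-style running-config and flags the points a reviewer would check first in the config above: a Virtual-Template whose "ip unnumbered" donor interface has no address of its own, a Virtual-Template that no ISAKMP profile references (so the ACL 121 applied to Virtual-Template3 never takes effect), an ISAKMP policy offering MD5, "enable password" used instead of "enable secret", "no service password-encryption", cleartext HTTP management, and ACL remarks that describe NAT exemption while no "ip nat" statement exists anywhere. It runs over a constructed, trimmed excerpt of the posted config and over a constructed hardened counterpart. The LAN address 192.168.1.1 on GigabitEthernet0/0, the documentation-range stand-in 203.0.113.10 for the public IP, the "ip nat" statements and the relocated ACL are assumptions about the intended design, not anything the post states.

```python
import re

UNNUMBERED = re.compile(r"ip unnumbered (\S+)")

# Constructed excerpt of the running-config pasted in the post above: trimmed to the lines
# the checks need, sub-commands re-indented with the one space "show run" prints (the forum
# paste lost it), and 203.0.113.10 standing in for the public address.
POSTED_EXCERPT = """\
no service password-encryption
enable password <Enable password>
crypto isakmp policy 2
 hash md5
crypto isakmp profile VpnIkeProfile1
 virtual-template 2
interface GigabitEthernet0/0
 no ip address
interface GigabitEthernet0/1
 ip address 203.0.113.10 255.255.255.0
interface Virtual-Template2 type tunnel
 ip unnumbered GigabitEthernet0/0
interface Virtual-Template3 type tunnel
 ip unnumbered GigabitEthernet0/0
 ip access-group 121 in
ip http server
access-list 100 remark DenyNATForVPNClients
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.100.1.0 0.0.0.255
"""

# Constructed hardened counterpart (assumptions: GigabitEthernet0/0 is the 192.168.1.0/24
# LAN side and gets 192.168.1.1; ACL 121 moves to the template the ISAKMP profile clones).
HARDENED_EXCERPT = """\
service password-encryption
enable secret <hashed secret>
crypto isakmp profile VpnIkeProfile1
 virtual-template 2
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 203.0.113.10 255.255.255.0
 ip nat outside
interface Virtual-Template2 type tunnel
 ip unnumbered GigabitEthernet0/0
 ip access-group 121 in
no ip http server
ip nat inside source list 100 interface GigabitEthernet0/1 overload
access-list 100 remark DenyNATForVPNClients
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.100.1.0 0.0.0.255
"""


def parse(text):
    """Split an IOS config into top-level commands and (header, sub-commands) blocks."""
    top, blocks, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" ") and current is not None:
            current[1].append(line)
        else:
            top.append(line)
            current = (line, [])
            blocks.append(current)
    return top, blocks


def audit(text):
    """Return (code, detail) findings for the problems visible in the posted config."""
    top, blocks = parse(text)
    findings = []
    ifaces = {h.split()[1]: subs for h, subs in blocks if h.startswith("interface ")}
    # "ip unnumbered X" leaves the tunnel interface without an address when X has none itself.
    for name, subs in ifaces.items():
        for cmd in subs:
            m = UNNUMBERED.match(cmd)
            if m and not any(c.startswith("ip address ") for c in ifaces.get(m.group(1), [])):
                findings.append(("UNNUMBERED_NO_DONOR_IP", f"{name} borrows from {m.group(1)}, which has no ip address"))
    # A Virtual-Template that no ISAKMP profile names is never cloned, so an ACL on it never applies.
    referenced = {"Virtual-Template" + c.split()[1] for h, subs in blocks
                  if h.startswith("crypto isakmp profile")
                  for c in subs if c.startswith("virtual-template ")}
    for name in ifaces:
        if name.startswith("Virtual-Template") and name not in referenced:
            findings.append(("VTEMPLATE_UNREFERENCED", f"{name} is not used by any ISAKMP profile"))
    for h, subs in blocks:
        if h.startswith("crypto isakmp policy") and "hash md5" in subs:
            findings.append(("IKE_MD5", f"{h} offers MD5 for IKE integrity"))
    if any(l.startswith("enable password") for l in top) and not any(l.startswith("enable secret") for l in top):
        findings.append(("ENABLE_PASSWORD", "enable password used instead of enable secret"))
    if "no service password-encryption" in top:
        findings.append(("PLAINTEXT_PASSWORDS", "line and user passwords are stored unobfuscated"))
    if "ip http server" in top:  # exact match, so "no ip http server" does not trip it
        findings.append(("HTTP_MGMT", "cleartext HTTP management is enabled"))
    # The ACL remarks describe NAT exemption, but no "ip nat" command exists anywhere.
    if any(l.startswith("access-list") and "remark" in l and "nat" in l.lower() for l in top) \
            and not any(l.startswith("ip nat ") for l in top + [c for _, s in blocks for c in s]):
        findings.append(("NAT_MISSING", "ACL remarks refer to NAT but no ip nat commands are configured"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(POSTED_EXCERPT):
        print(f"{code}: {detail}")
    print("hardened excerpt findings:", audit(HARDENED_EXCERPT))
```

Run against the posted excerpt it reports both tunnel templates borrowing an address from an interface that has none, Virtual-Template3 as unreferenced, the MD5 policy, the three credential and management hygiene points, and the missing NAT statements; against the hardened excerpt it reports nothing. Indentation is what the parser keys on, so paste the config from "show run" directly rather than from a forum post that has stripped leading spaces.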
