
VPN configuration troubles

haa
Level 1

Hi all,

So I got a Cisco router 880, which I wanna configure to get access to its network via VPN, and also configure a remote desktop connection to one of the servers in my LAN from home.

I tried a lot of combinations, and I admit I'm not that good with Cisco NAT, ACLs and PATs.

If anyone can help me figure out the issue with my configuration below, I would be grateful:

Building configuration...

Current configuration : 2679 bytes
!
! Last configuration change at 16:16:38 UTC Tue Nov 28 2017
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mloc
!
boot-start-marker
boot-end-marker
!
!
enable password <removed>
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local 
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!


!
!
!
!
ip domain name ***.com
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C881-K9 sn FCZ2102137X
!
!
username user password 0 <removed>
username cisco
!
!
!
!
!
! 
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnclient
 key <removed>
 dns 192.168.90.254
 pool ippool
 acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
 mode tunnel
!
!
!
crypto dynamic-map dymap 10
 set transform-set myset
 reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dymap
!
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 100
 no ip address
 duplex full
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 description interface-wan
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map clientmap
!
interface Vlan1
 no ip address
!
interface Vlan100
 description vlan-operationnel
 ip address 192.168.90.254 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
!
ip local pool ippool 192.168.100.1 192.168.100.15
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat source list 2 interface FastEthernet4 overload
ip nat inside source list 111 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.90.2 3399 "PUBLIC IP" 3399 extendable
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
access-list 2 permit 192.168.90.0 0.0.0.255
access-list 101 permit ip 192.168.90.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 111 deny ip 192.168.90.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 111 permit ip any any
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
!
!
end

Thank you a lot!

1 Reply

From the looks of it, you are using the Cisco IPsec VPN client?

Is your PC able to connect to the VPN but you are not able to access the network behind?

Is your PC being assigned the correct IP address once you connect to the VPN?

--
Please remember to select a correct answer and rate helpful posts