VPN - Network extension mode issue

CSCO11638397
Level 1

Hi,

I need to change the access method for remote locations to network extension mode; currently the remote location users access HO using the Cisco VPN Client software.

The server configuration and the network extension mode configuration are below.

Issues:

1. Loopback interface - When I create the loopback interface in HO, the remote location users cannot access HO. If I remove the loopback, then I can ping 192.168.0.1 with source 10.100.100.11.

2. I need to create two-way access and forward the interesting traffic; in that case, how do I configure the routing? I configured static routes as below on both sides:

Head office router

ip route 172.16.0.0 255.255.255.0 10.100.100.11  -- To forward local traffic to Remote location

Remote

ip route 192.168.0.0 255.255.255.0 10.100.100.1  -- To forward local traffic to Head office

3. The save-password option is not working?

Please suggest whether I can accomplish this task by any other method, or point out the issue in my configurations. Thanks.

Server - Router Configuration

aaa new-model
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
ip cef
!
username cisco password cisco1234
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group new-location
 key cisco123
 pool remote-pool
 acl 151
 save-password
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
crypto map mymap client authentication list userauthen
crypto map mymap isakmp authorization list groupauthor
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
 ! ISP-provided public IP
 ip address xx.yy.xy.yx 255.255.255.248
 ip access-group 143 in
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map mymap
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Loopback0
 ip address 10.100.100.1 255.255.255.0
!
! end address as posted; presumably a typo for 10.100.100.200
ip local pool remote-pool 10.100.100.10 100.100.100.200
ip forward-protocol nd
! ISP public IP
ip route 0.0.0.0 0.0.0.0 xx.yy.xy.xy
! To forward local traffic to the remote location
ip route 172.16.0.0 255.255.255.0 10.100.100.11
!
ip http server
ip http secure-server
ip nat inside source list 111 interface FastEthernet0/0 overload
!
access-list 151 permit ip 192.168.0.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 111 deny   ip 192.168.0.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 111 permit ip any any
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password 0 cisco
!
end

Client - Router Configuration

!
ip cef
!
username cisco password cisco1234
!
crypto ipsec client ezvpn ez
 connect auto
 group new-location key cisco123
 mode network-extension
 ! head office ISP-provided IP
 peer xx.yy.xy.yx
 username cisco password cisco1234
 xauth userid mode interactive
!
interface Loopback0
 ip address 10.100.100.11 255.255.255.0
 crypto ipsec client ezvpn ez inside
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 2
!
interface Vlan1
 ip address 172.16.0.1 255.255.255.0
!
interface Vlan2
 ip address 192.168.1.2 255.255.255.0
 crypto ipsec client ezvpn ez
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
! To forward local traffic to the head office
ip route 192.168.0.0 255.255.255.0 10.100.100.1
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
end

1 Reply

Jennifer Halim
Cisco Employee

Looks like duplicate post.

Here you go again:

You should remove the static routes that you have additionally configured on both ends, as you do not require those.

Further to that, your NAT access-list should also deny traffic between 192.168.0.0/24 and 192.168.1.0/24.

Here is a sample configuration for your reference:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080808395.shtml

Hope that helps.
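The NAT-exemption point in the reply rests on IOS order of operations: inside-to-outside traffic is NATed before the crypto map on the outside interface evaluates it, so a VPN flow that the NAT source list still permits leaves with its source rewritten to the public address and never matches the crypto ACL. The script below is an added example, not code from the thread or from Cisco. It parses the access-lists posted in the head-office configuration above (copied into `POSTED_ACLS`) and classifies sample inside-to-outside flows the way the outside interface would treat them. `FIXED_ACLS`, the sample host addresses in `FLOWS`, and the `report` helper are assumptions constructed for the example; `FIXED_ACLS` additionally carries and NAT-exempts the remote LAN 172.16.0.0/24 that sits behind the client's Vlan1, which the posted access-lists do not mention. The check models only the server-side ACL logic, not which client interface carries `crypto ipsec client ezvpn ez inside`, which decides what the client actually presents as its inside network.

```python
"""NAT-vs-crypto order-of-operations check for IOS numbered access-lists.

Added example, not from the thread or from Cisco. Handles only the
'access-list N permit|deny ip <src> <wildcard> <dst> <wildcard>' and
'any'/'host' forms that appear on the page.
"""
import ipaddress

# Constructed copy of the access-lists from the posted head-office config.
POSTED_ACLS = """
access-list 151 permit ip 192.168.0.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 111 deny  ip 192.168.0.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 111 permit ip any any
"""

# Assumed corrected pair (not from the page): also selects and NAT-exempts
# the remote LAN 172.16.0.0/24 behind the client's Vlan1.
FIXED_ACLS = """
access-list 151 permit ip 192.168.0.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 151 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 111 deny  ip 192.168.0.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 111 deny  ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 111 permit ip any any
"""

# Constructed sample flows: HO LAN host to the pool subnet (what the posted
# ACLs cover) and HO LAN host to the remote LAN (what the static routes imply).
FLOWS = [
    ("192.168.0.10", "10.100.100.11"),
    ("192.168.0.10", "172.16.0.10"),
]


def _address_spec(tokens):
    """Consume one ACE address spec: 'any', 'host A', or 'A WILDCARD'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = tokens.pop(0)
    mask = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    prefixlen = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard not supported: {tok} {wildcard}")
    return ipaddress.ip_network(f"{tok}/{prefixlen}", strict=False)


def parse_acls(text):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # only the 'ip' ACE form used on the page is handled
        number, action, rest = tokens[1], tokens[2], tokens[4:]
        src = _address_spec(rest)
        dst = _address_spec(rest)
        acls.setdefault(number, []).append((action, src, dst))
    return acls


def first_match(aces, src, dst):
    """IOS semantics: first matching entry wins; implicit deny at the end."""
    for action, src_net, dst_net in aces:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def classify_flow(acls, crypto_acl, nat_acl, src, dst):
    """Say what the outside interface does with one inside-to-outside flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    selected = first_match(acls[crypto_acl], src, dst) == "permit"
    translated = first_match(acls[nat_acl], src, dst) == "permit"
    if selected and translated:
        return "nat-before-crypto"   # source rewritten first, tunnel never matches
    if selected:
        return "tunnel"              # exempt from NAT, encrypted as intended
    if translated:
        return "clear-text"          # PAT to the ISP, not in the tunnel at all
    return "unmatched"               # neither NAT nor IPsec touches it


def report(acl_text=POSTED_ACLS, crypto_acl="151", nat_acl="111", flows=FLOWS):
    """Map 'src->dst' to its classification under the given access-lists."""
    acls = parse_acls(acl_text)
    return {f"{s}->{d}": classify_flow(acls, crypto_acl, nat_acl, s, d)
            for s, d in flows}


if __name__ == "__main__":
    for label, text in (("posted", POSTED_ACLS), ("assumed fix", FIXED_ACLS)):
        print(f"[{label}]")
        for flow, verdict in report(text).items():
            print(f"  {flow:32} {verdict}")
```

With the posted lists, the HO-to-pool flow is selected by 151 and exempted by the first entry of 111, so it tunnels; the HO-to-172.16.0.0/24 flow matches neither the crypto ACL nor a NAT deny, so it is PATed out to the ISP regardless of the static route pointing it at 10.100.100.11. Drop the `deny` entry from 111 and the same pool flow becomes `nat-before-crypto`, which is the failure the reply's NAT advice is guarding against.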