Hi All, I have configured an EZVPN server on an ASA, and the remote client is an IOS router. The VPN is able to connect without any issue. But the remote clients are losing internet connectivity; the NAT translation becomes empty once I applied the crypto ipsec ezvpn outside on the dialer interfaces. Below is the configuration of the router.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.10.11 11:07:53 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...

Current configuration : 2999 bytes
!
! Last configuration change at 07:03:00 UTC Tue Oct 11 2011
!
version 15.0
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
crypto ipsec client ezvpn ASA
 connect acl 105
 group aooman key hlg2oma@vpn
 mode network-extension
 peer 213.42.108.130
 username hlgoman password us@hlom
 xauth userid mode local
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip access-group 100 out
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto ipsec client ezvpn ASA inside
!
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
interface Dialer0
 no ip address
!
!
interface Dialer1
 ip address negotiated
 ip access-group 101 in
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname hlgoman
 ppp chap password 7 15160D1A503A797C2E
 ppp pap sent-username hlgoman password 7 06020937185E5B410357
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.23.1.0 255.255.255.0 10.10.10.2
ip route 172.23.2.0 255.255.255.0 10.10.10.2
!
ip access-list extended VPN_ACCESS
 deny ip 172.23.1.0 0.0.0.255 172.16.0.0 0.0.255.255
 deny ip 172.23.2.0 0.0.0.255 172.16.0.0 0.0.255.255
 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
 permit ip 172.23.1.0 0.0.0.255 any
 permit ip 172.23.2.0 0.0.0.255 any
 permit ip 10.10.10.0 0.0.0.255 any
!
access-list 10 permit 172.23.2.0 0.0.0.255
access-list 10 permit 172.23.1.0 0.0.0.255
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip any any
access-list 105 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.23.1.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.23.2.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 106 permit ip 172.23.1.0 0.0.0.255 any
access-list 106 permit ip 172.23.2.0 0.0.0.255 any
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
route-map EVPN permit 1
 match ip address 105
!
route-map nonat permit 10
 match ip address VPN_ACCESS
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 07062C584F0A485744
 login
!
scheduler allocate 20000 1000
end

Router#
