Hey guys, maybe one of you has dealt with something like this and can give
me some advice.
I'm trying to configure a VPN between a Cisco 800 and a computer with the
Cisco Secure VPN Client. The router has a valid IP address and the client
connects to the internet by modem via an ISP with a dynamic IP address. I've
read tons of documentation and configuration examples but I can't make it
work.
I know that the client is properly configured, I'm having problems with the
router. The VPN is set properly and I have checked that there is incoming
traffic from the client to the router, the problem is on outgoing traffic
from the router to the client. For some reason the router is not encrypting
properly and the packets destined for the client (192.168.143.X) are not
encapsulated in the right way and the destination address is 192.168.143.X
instead of the IP address assigned to the client by the ISP. I have concluded
that, but I haven't been able to check it.
I've been dealing with this for a whole week and I can't find the solution,
I've tried everything without result. Have you got any ideas?
Current configuration:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CISCOADSL
!
no logging on
enable secret 5 jdkjvfnksjdfnvj
enable password 7 jndfkjvnfdvv
!
username Acceso password 7 dliviiiiedj
!
!
!
!
ip subnet-zero
!
!
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
crypto isakmp key keytoaccess address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local vpn-pool
!
!
crypto ipsec transform-set vpn-transform esp-des esp-md5-hmac
!
crypto dynamic-map vpn-dynamic 1
 set transform-set vpn-transform
 match address 105
!
!
crypto map vpnclient client configuration address initiate
crypto map vpnclient client configuration address respond
crypto map vpnclient 1 ipsec-isakmp dynamic vpn-dynamic
!
!
!
!
interface Ethernet0
 ip address 192.168.143.5 255.255.255.0
 ip nat inside
 no ip mroute-cache
!
interface ATM0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/33
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
!
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp authentication chap
 ppp chap hostname user@grapesadsl
 ppp chap password 7 oijwijdiejf
 crypto map vpnclient
!
ip local pool vpn-pool 192.168.144.1 192.168.144.254
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 192.168.143.70 110 212.145.32.123 110 extendable
ip nat inside source static tcp 192.168.143.70 80 212.145.32.123 80 extendable
ip nat inside source static tcp 192.168.143.70 25 212.145.32.123 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 101 deny ip 192.168.143.0 0.0.0.255 192.168.144.0 0.0.0.255
access-list 101 permit ip 192.168.143.0 0.0.0.255 any
access-list 105 permit ip 192.168.143.0 0.0.0.255 192.168.144.0 0.0.0.255
route-map nonat permit 1
 match ip address 101
!
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password 7 jnwdfjknwkjf
 login
!
scheduler max-task-time 5000
end
_______________________________________________
Mario Sainz
[EMAIL PROTECTED]
Voiceware Comunicaciones S.A.
Departamento técnico.
Telf: 902.999.905 -- Fax:91.623.96.06
http://www.voiceware.es
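
Added example (not part of the original post, and not Cisco's code): a Python check, run over the NAT and access-list lines of the configuration above, that reports traffic selected by the crypto access list (105) that NAT would still translate. It assumes IOS translates inside-to-outside traffic before it evaluates the crypto map and that the route-map on the overload rule does not govern static entries; the function names are hypothetical and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: the NAT and ACL lines from the configuration in the post.
SAMPLE_CONFIG = """\
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 192.168.143.70 110 212.145.32.123 110 extendable
ip nat inside source static tcp 192.168.143.70 80 212.145.32.123 80 extendable
ip nat inside source static tcp 192.168.143.70 25 212.145.32.123 25 extendable
access-list 101 deny ip 192.168.143.0 0.0.0.255 192.168.144.0 0.0.0.255
access-list 101 permit ip 192.168.143.0 0.0.0.255 any
access-list 105 permit ip 192.168.143.0 0.0.0.255 192.168.144.0 0.0.0.255
"""
ACL_RE = re.compile(r"access-list (\d+) (permit|deny) ip (\S+) (\S+) (?:any|(\S+) (\S+))$")
STATIC_RE = re.compile(r"ip nat inside source static (?:tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def net(addr, wildcard):
    """Turn an address / wildcard-mask pair into an ip_network (contiguous masks only)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acls(config):
    """Map ACL number -> ordered list of (action, source network, destination network)."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            num, action, src, swc, dst, dwc = m.groups()
            dnet = net(dst, dwc) if dst else ipaddress.ip_network("0.0.0.0/0")
            acls.setdefault(num, []).append((action, net(src, swc), dnet))
    return acls

def audit(config, crypto_acl="105", nat_acl="101"):
    """List flows the crypto ACL selects that NAT would rewrite before the crypto check."""
    acls, findings = parse_acls(config), []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        # The first NAT ACL entry covering the flow decides whether overload NAT applies.
        hit = next((a for a, s, d in acls.get(nat_acl, [])
                    if src.subnet_of(s) and dst.subnet_of(d)), None)
        if hit != "deny":
            findings.append(f"overload NAT not exempted for {src} -> {dst}")
        # Assumption: static entries are applied regardless of the route-map above.
        for m in STATIC_RE.finditer(config):
            if ipaddress.ip_address(m.group(1)) in src:
                findings.append(f"static NAT {m.group(1)}:{m.group(2)} -> {m.group(3)} "
                                f"not exempted for {src} -> {dst}")
    return findings
```

On the sample lines, `audit(SAMPLE_CONFIG)` returns three findings, one per static entry for 192.168.143.70, and none for the overload rule, because access-list 101 denies the VPN pool first.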