
VPN Cisco 2620xm router unable to connect to local lan

I set up Easy VPN Server on the 2620XM router.

I can connect, but I cannot see the local LAN.

It is as if no tunnel is created.

I must be missing something in my config:

!
! Last configuration change at 03:58:29 CST Thu Dec 19 2013 by SCORPION
! NVRAM config last updated at 03:59:09 CST Thu Dec 19 2013 by SCORPION
!
! Global services, logging and enable credentials.
version 12.4
parser config cache interface
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
! Millisecond timestamps with timezone on debug and log output; useful when
! correlating VPN and ACL log entries with client-side events.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec show-timezone
! NOTE(review): password-encryption only applies the reversible type 7 encoding
! to plain-text passwords; it is obfuscation, not protection. Anything that
! matters should be stored with `secret`.
service password-encryption
service sequence-numbers
!
hostname xxxxx
!
boot-start-marker
boot-end-marker
!
logging count
logging buffered 10000 debugging
logging rate-limit 10000
logging console informational
logging monitor informational
enable secret 5 xxxxx
! NOTE(review): with an enable secret configured the enable password is not
! used for authentication, but its type 7 string is still stored in the config
! and is reversible. Remove it with `no enable password`.
enable password 7 xxxxx
!
! AAA method lists, all backed by the local user database:
!   local_auth          - login on con/aux/vty lines
!   sdm_vpn_xauth_ml_1  - Xauth user login for VPN clients (crypto map SDM_CMAP_1)
!   sdm_vpn_group_ml_1  - Easy VPN group authorization (crypto map SDM_CMAP_1)
aaa new-model
!
!
aaa authentication login local_auth local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
memory-size iomem 10
clock timezone CST -6
clock summer-time CDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!
no ip bootp server
ip domain name xxxxx
ip name-server 192.168.0.1
ip name-server 192.168.0.10
! Inspection rule SDM_LOW is applied outbound on FastEthernet1/0. It covers only
! the protocols listed here; ESP and IKE are not among them, so VPN traffic
! arriving on the outside interface depends on explicit entries in ACL 102.
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Self-signed trustpoint; revocation checking is disabled, which is expected
! for a self-signed certificate (there is no CA to publish a CRL).
crypto pki trustpoint TP-self-signed-3030517303
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3030517303
revocation-check none
rsakeypair TP-self-signed-3030517303
!
!
! Single local account at privilege 15; it backs every AAA list in this config
! (line login, VPN Xauth and VPN group authorization all use `local`).
username SCORPION privilege 15 view root secret 5 xxxxx
!
!
ip tcp synwait-time 10
ip ssh authentication-retries 5
ip ssh logging events
ip ssh version 2
! NOTE(review): rcp is enabled with an `enable`-level entry for 192.168.0.15.
! The r-commands authenticate by source address and user names only, with no
! password. The sdmR... names suggest SDM created this; remove it once SDM no
! longer needs it.
ip rcmd rcp-enable
ip rcmd remote-host sdmR84979c1a 192.168.0.15 L84979c1a enable
ip rcmd remote-username sdmR84979c1a
!
!
! IKE phase 1 policy: 3DES, pre-shared key, DH group 2. No hash is configured,
! so the IOS default applies.
! NOTE(review): 3DES with DH group 2 (1024-bit) is a legacy suite; move to AES
! and a larger DH group where the IOS image and the VPN client support it.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
! Easy VPN client group. No `acl` is configured, so there is no split tunnel:
! the client sends all traffic through the tunnel.
! `include-local-lan` only lets the client keep reaching its own directly
! attached LAN while connected; it does not refer to the LAN behind this router.
! The group key is shared by every client, so its strength and handling matter
! as much as the per-user Xauth password.
crypto isakmp client configuration group CISCO_IPSEC
key xxxxx
dns 192.168.0.1 192.168.0.10
domain xxxxx
pool SDM_POOL_1
include-local-lan
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! Dynamic map for remote clients; reverse-route installs a route for each
! connected client's assigned address.
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
! Crypto map applied on FastEthernet1/0: Xauth and group authorization use the
! local AAA lists, and addresses are handed out in respond mode.
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
buffers tune automatic
!
!
!
! Inside (LAN) interface: 192.168.0.50/24, NAT inside, ACL 101 inbound.
! NOTE(review): LAN hosts can only answer VPN clients (192.168.1.1-3) if their
! route to that range points at this router (192.168.0.50). Confirm the hosts'
! default gateway.
interface FastEthernet0/0
description {SCORPNET)$ETH-LAN$$FW_INSIDE$
mac-address 000f.23c4.6e80
ip address 192.168.0.50 255.255.255.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface ATM0/1
no ip address
shutdown
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
!
! Outside (WAN) interface: NAT outside, ACL 102 inbound, inspection rule
! SDM_LOW outbound, and the Easy VPN crypto map.
! VPN clients terminate here, so anything ACL 102 or the unicast RPF check
! drops on this interface never reaches the LAN.
interface FastEthernet1/0
description (ATT Uverse)$ETH-WAN$$FW_OUTSIDE$
mac-address 000f.23c4.6e90
ip address 107.219.166.17 255.255.255.248
ip access-group 102 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map SDM_CMAP_1
!
! Address pool for VPN clients: three addresses in 192.168.1.0/24, so at most
! three clients can be assigned an address at once.
ip local pool SDM_POOL_1 192.168.1.1 192.168.1.3
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 107.219.166.22 permanent
!
!
! NOTE(review): the clear-text HTTP server is enabled alongside HTTPS, and
! access-class 2 refers to an ACL that is not defined in the posted config
! (only standard lists 1 and 23 are). A reference to an undefined list
! typically filters nothing, so web management may be unrestricted. Disable
! `ip http server` and point the access-class at a defined list.
ip http server
ip http access-class 2
ip http secure-server
! Dynamic PAT for the LAN (route-map SDM_RMAP_1 -> ACL 103), then one static
! port-forward per published service. Each route-map matches an ACL that
! excludes traffic towards the VPN pool, so replies to VPN clients are not
! translated.
! NOTE(review): the static entries for UDP 500, 4500 and 10000 forward the
! router's own outside address to 192.168.0.1 on the ports that ACL 102 labels
! VPN/IPSEC. The crypto map on FastEthernet1/0 terminates Easy VPN on that same
! address, so these forwards may send IKE or NAT-T traffic to 192.168.0.1
! instead of the router. Confirm which device is meant to terminate the VPN and
! remove the entries that conflict.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet1/0 overload
ip nat inside source static tcp 192.168.0.1 20 107.219.166.17 20 route-map SDM_RMAP_6 extendable
ip nat inside source static tcp 192.168.0.1 21 107.219.166.17 21 route-map SDM_RMAP_5 extendable
ip nat inside source static tcp 192.168.0.10 25 107.219.166.17 25 route-map SDM_RMAP_12 extendable
ip nat inside source static tcp 192.168.0.1 80 107.219.166.17 80 route-map SDM_RMAP_3 extendable
ip nat inside source static udp 192.168.0.11 88 107.219.166.17 88 route-map SDM_RMAP_16 extendable
ip nat inside source static udp 192.168.0.1 500 107.219.166.17 500 route-map SDM_RMAP_17 extendable
ip nat inside source static tcp 192.168.0.1 990 107.219.166.17 990 route-map SDM_RMAP_19 extendable
ip nat inside source static tcp 192.168.0.11 3074 107.219.166.17 3074 route-map SDM_RMAP_15 extendable
ip nat inside source static udp 192.168.0.11 3074 107.219.166.17 3074 route-map SDM_RMAP_2 extendable
ip nat inside source static udp 192.168.0.1 4500 107.219.166.17 4500 route-map SDM_RMAP_8 extendable
ip nat inside source static udp 192.168.0.1 10000 107.219.166.17 10000 route-map SDM_RMAP_9 extendable
ip nat inside source static udp 192.168.0.1 17478 107.219.166.17 17478 route-map SDM_RMAP_18 extendable
ip nat inside source static tcp 192.168.0.1 40000 107.219.166.17 40000 route-map SDM_RMAP_13 extendable
ip nat inside source static tcp 192.168.0.1 40001 107.219.166.17 40001 route-map SDM_RMAP_11 extendable
ip nat inside source static tcp 192.168.0.1 40002 107.219.166.17 40002 route-map SDM_RMAP_14 extendable
ip nat inside source static tcp 192.168.0.1 40003 107.219.166.17 40003 route-map SDM_RMAP_21 extendable
ip nat inside source static tcp 192.168.0.1 40004 107.219.166.17 40004 route-map SDM_RMAP_20 extendable
ip nat inside source static tcp 192.168.0.1 40005 107.219.166.17 40005 route-map SDM_RMAP_7 extendable
ip nat inside source static tcp 192.168.0.1 55368 107.219.166.17 55368 route-map SDM_RMAP_4 extendable
ip nat inside source static tcp 192.168.0.15 60817 107.219.166.17 60817 route-map SDM_RMAP_10 extendable
!
! Syslog goes to 192.168.0.1, sourced from the inside interface.
logging source-interface FastEthernet0/0
logging 192.168.0.1
! NOTE(review): ACL 1 and ACL 23 are not referenced anywhere in the posted
! config. The HTTP server uses access-class 2 and the vty lines use
! access-class 22, neither of which is defined. ACL 23 looks like the intended
! management list; confirm and correct the references.
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 permit 192.168.0.15
access-list 23 permit 192.168.0.1
! ACL 100 is not applied to any interface in the posted config.
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
! ACL 101: inbound on the inside interface (FastEthernet0/0). It drops packets
! sourced from the WAN subnet, broadcast or loopback, and permits everything else.
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 107.219.166.16 0.0.0.7 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
! ACL 102: inbound on the outside interface (FastEthernet1/0). It permits the
! published services and VPN control ports, then denies and logs the rest.
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 remark DELTA FORCE LAND WORRIOR
access-list 102 permit udp any host 107.219.166.17 eq 17478
access-list 102 remark XBOX
access-list 102 permit udp any host 107.219.166.17 eq 88
access-list 102 permit udp any host 107.219.166.17 eq 3074
access-list 102 permit tcp any host 107.219.166.17 eq 3074
access-list 102 remark WWW
access-list 102 permit tcp any host 107.219.166.17 eq www
access-list 102 permit tcp any host 107.219.166.17 eq 443
access-list 102 remark SMTP
access-list 102 permit tcp any host 107.219.166.17 eq smtp
access-list 102 remark FTP
access-list 102 permit tcp any host 107.219.166.17 eq ftp
access-list 102 permit tcp any host 107.219.166.17 eq ftp-data
! The `established` entry below is shadowed by the unconditional ftp-data
! permit just above it and never decides anything.
access-list 102 permit tcp any host 107.219.166.17 eq ftp-data established
access-list 102 permit tcp any host 107.219.166.17 range 40000 40005
access-list 102 permit tcp any host 107.219.166.17 eq 990
access-list 102 remark uTORRENT
access-list 102 permit tcp any host 107.219.166.17 eq 60817
access-list 102 permit tcp any host 107.219.166.17 eq 55368
access-list 102 remark DNS
! NOTE(review): these two entries match DNS replies sourced from inside
! addresses arriving on the outside interface, which should not occur for
! Internet traffic. They are presumably generated from the configured name-servers.
access-list 102 permit udp host 192.168.0.1 eq domain host 107.219.166.17
access-list 102 permit udp host 192.168.0.10 eq domain host 107.219.166.17
access-list 102 deny   ip 192.168.0.0 0.0.0.255 any
access-list 102 remark VPN/IPSEC
! NOTE(review): only UDP 500, 4500 and 10000 are permitted for VPN. There is no
! `permit esp` entry, so native ESP from a client that is not using UDP
! encapsulation would fall through to the final `deny ip any any log`. A client
! that authenticates but passes no traffic fits this pattern; check the log
! for matching denies while a client is connected.
access-list 102 permit udp any host 107.219.166.17 eq isakmp
access-list 102 permit udp any host 107.219.166.17 eq non500-isakmp
access-list 102 permit udp any host 107.219.166.17 eq 10000
access-list 102 remark ICMP
access-list 102 permit icmp any host 107.219.166.17 echo-reply
access-list 102 permit icmp any host 107.219.166.17 time-exceeded
access-list 102 permit icmp any host 107.219.166.17 unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
! NOTE(review): this /16 deny also covers the VPN pool (192.168.1.1-3). On IOS
! releases that run decrypted packets through the inbound interface ACL a
! second time, client traffic would be dropped here. Check the hit counters
! with `show access-lists 102` while a client is connected.
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 deny   ip any any log
! ACL 103 is matched by route-map SDM_RMAP_1, which drives the PAT overload
! rule. Deny entries mean "do not apply dynamic PAT":
!   - traffic to the three VPN pool addresses (NAT exemption for VPN clients)
!   - traffic from the ports that have their own static translations
! The final permit translates everything else from 192.168.0.0/24.
! The pool exemption is listed per host; if SDM_POOL_1 is ever enlarged, these
! entries must be extended to match or the new addresses will be translated.
access-list 103 remark SDM_ACL Category=2
access-list 103 deny   ip any host 192.168.1.1
access-list 103 deny   ip any host 192.168.1.2
access-list 103 deny   ip any host 192.168.1.3
access-list 103 deny   tcp host 192.168.0.1 eq ftp-data any
access-list 103 deny   tcp host 192.168.0.1 eq ftp any
access-list 103 deny   tcp host 192.168.0.10 eq smtp any
access-list 103 deny   tcp host 192.168.0.1 eq www any
access-list 103 deny   udp host 192.168.0.11 eq 88 any
access-list 103 deny   udp host 192.168.0.1 eq isakmp any
access-list 103 deny   tcp host 192.168.0.1 eq 990 any
access-list 103 deny   tcp host 192.168.0.11 eq 3074 any
access-list 103 deny   udp host 192.168.0.11 eq 3074 any
access-list 103 deny   udp host 192.168.0.1 eq non500-isakmp any
access-list 103 deny   udp host 192.168.0.1 eq 10000 any
access-list 103 deny   udp host 192.168.0.1 eq 17478 any
access-list 103 deny   tcp host 192.168.0.1 eq 40000 any
access-list 103 deny   tcp host 192.168.0.1 eq 40001 any
access-list 103 deny   tcp host 192.168.0.1 eq 40002 any
access-list 103 deny   tcp host 192.168.0.1 eq 40003 any
access-list 103 deny   tcp host 192.168.0.1 eq 40004 any
access-list 103 deny   tcp host 192.168.0.1 eq 40005 any
access-list 103 deny   tcp host 192.168.0.1 eq 55368 any
access-list 103 deny   tcp host 192.168.0.15 eq 60817 any
access-list 103 permit ip 192.168.0.0 0.0.0.255 any
! ACLs 104-123: one per static NAT entry, each matched by its own route-map
! (SDM_RMAP_2 ... SDM_RMAP_21). Every list follows the same pattern: deny the
! published host when it talks to the three VPN pool addresses, so that traffic
! is not statically translated, then permit the published service port.
! The pool is listed host by host, so any change to SDM_POOL_1 has to be
! repeated in every one of these lists.
access-list 104 remark SDM_ACL Category=2
access-list 104 deny   ip host 192.168.0.11 host 192.168.1.3
access-list 104 deny   ip host 192.168.0.11 host 192.168.1.2
access-list 104 deny   ip host 192.168.0.11 host 192.168.1.1
access-list 104 permit udp host 192.168.0.11 eq 3074 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 105 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 105 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 105 permit tcp host 192.168.0.1 eq www any
access-list 106 remark SDM_ACL Category=2
access-list 106 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 106 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 106 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 106 permit tcp host 192.168.0.1 eq 55368 any
access-list 107 remark SDM_ACL Category=2
access-list 107 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 107 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 107 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 107 permit tcp host 192.168.0.1 eq ftp any
access-list 108 remark SDM_ACL Category=2
access-list 108 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 108 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 108 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 108 permit tcp host 192.168.0.1 eq ftp-data any
access-list 109 remark SDM_ACL Category=2
access-list 109 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 109 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 109 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 109 permit tcp host 192.168.0.1 eq 40005 any
access-list 110 remark SDM_ACL Category=2
access-list 110 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 110 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 110 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 110 permit udp host 192.168.0.1 eq non500-isakmp any
access-list 111 remark SDM_ACL Category=2
access-list 111 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 111 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 111 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 111 permit udp host 192.168.0.1 eq 10000 any
access-list 112 remark SDM_ACL Category=2
access-list 112 deny   ip host 192.168.0.15 host 192.168.1.3
access-list 112 deny   ip host 192.168.0.15 host 192.168.1.2
access-list 112 deny   ip host 192.168.0.15 host 192.168.1.1
access-list 112 permit tcp host 192.168.0.15 eq 60817 any
access-list 113 remark SDM_ACL Category=2
access-list 113 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 113 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 113 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 113 permit tcp host 192.168.0.1 eq 40001 any
access-list 114 remark SDM_ACL Category=2
access-list 114 deny   ip host 192.168.0.10 host 192.168.1.3
access-list 114 deny   ip host 192.168.0.10 host 192.168.1.2
access-list 114 deny   ip host 192.168.0.10 host 192.168.1.1
access-list 114 permit tcp host 192.168.0.10 eq smtp any
access-list 115 remark SDM_ACL Category=2
access-list 115 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 115 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 115 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 115 permit tcp host 192.168.0.1 eq 40000 any
access-list 116 remark SDM_ACL Category=2
access-list 116 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 116 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 116 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 116 permit tcp host 192.168.0.1 eq 40002 any
access-list 117 remark SDM_ACL Category=2
access-list 117 deny   ip host 192.168.0.11 host 192.168.1.3
access-list 117 deny   ip host 192.168.0.11 host 192.168.1.2
access-list 117 deny   ip host 192.168.0.11 host 192.168.1.1
access-list 117 permit tcp host 192.168.0.11 eq 3074 any
access-list 118 remark SDM_ACL Category=2
access-list 118 deny   ip host 192.168.0.11 host 192.168.1.3
access-list 118 deny   ip host 192.168.0.11 host 192.168.1.2
access-list 118 deny   ip host 192.168.0.11 host 192.168.1.1
access-list 118 permit udp host 192.168.0.11 eq 88 any
access-list 119 remark SDM_ACL Category=2
access-list 119 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 119 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 119 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 119 permit udp host 192.168.0.1 eq isakmp any
access-list 120 remark SDM_ACL Category=2
access-list 120 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 120 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 120 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 120 permit udp host 192.168.0.1 eq 17478 any
access-list 121 remark SDM_ACL Category=2
access-list 121 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 121 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 121 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 121 permit tcp host 192.168.0.1 eq 990 any
access-list 122 remark SDM_ACL Category=2
access-list 122 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 122 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 122 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 122 permit tcp host 192.168.0.1 eq 40004 any
access-list 123 remark SDM_ACL Category=2
access-list 123 deny   ip host 192.168.0.1 host 192.168.1.3
access-list 123 deny   ip host 192.168.0.1 host 192.168.1.2
access-list 123 deny   ip host 192.168.0.1 host 192.168.1.1
access-list 123 permit tcp host 192.168.0.1 eq 40003 any
! NOTE(review): this is a read-write SNMP community with no access list. SNMP
! v2c sends the community string in clear text, and RW access allows
! configuration changes. Restrict it with a standard ACL, make it RO, or move
! to SNMPv3 if the image supports it.
snmp-server community xxxxx RW
snmp-server chassis-id STINGER
! Notifications go to 192.168.0.15 using SNMP v2c.
snmp-server host 192.168.0.15 version 2c xxxxx
!
! One route-map per NAT statement, each with a single clause that matches one
! extended ACL. SDM_RMAP_1 (ACL 103) drives the PAT overload rule; the rest
! (ACLs 104-123) qualify the static port-forwards. The NAT-exemption logic for
! the VPN pool lives entirely in those ACLs, not in the route-maps.
route-map SDM_RMAP_15 permit 1
match ip address 117
!
route-map SDM_RMAP_14 permit 1
match ip address 116
!
route-map SDM_RMAP_17 permit 1
match ip address 119
!
route-map SDM_RMAP_16 permit 1
match ip address 118
!
route-map SDM_RMAP_11 permit 1
match ip address 113
!
route-map SDM_RMAP_10 permit 1
match ip address 112
!
route-map SDM_RMAP_13 permit 1
match ip address 115
!
route-map SDM_RMAP_20 permit 1
match ip address 122
!
route-map SDM_RMAP_12 permit 1
match ip address 114
!
route-map SDM_RMAP_21 permit 1
match ip address 123
!
route-map SDM_RMAP_19 permit 1
match ip address 121
!
route-map SDM_RMAP_18 permit 1
match ip address 120
!
route-map SDM_RMAP_4 permit 1
match ip address 106
!
route-map SDM_RMAP_5 permit 1
match ip address 107
!
route-map SDM_RMAP_6 permit 1
match ip address 108
!
route-map SDM_RMAP_7 permit 1
match ip address 109
!
route-map SDM_RMAP_1 permit 1
match ip address 103
!
route-map SDM_RMAP_2 permit 1
match ip address 104
!
route-map SDM_RMAP_3 permit 1
match ip address 105
!
route-map SDM_RMAP_8 permit 1
match ip address 110
!
route-map SDM_RMAP_9 permit 1
match ip address 111
!
!
!
control-plane
!
!
!
!
!
!
!
!
!

!
! Console: local AAA login, 5-minute idle timeout.
line con 0
exec-timeout 5 0
login authentication local_auth
transport preferred none
transport output telnet
speed 115200
! Aux: no exec, so it cannot be used for an interactive session.
line aux 0
login authentication local_auth
no exec
transport output telnet
! VTY: SSH only, local AAA login.
! NOTE(review): access-class 22 refers to an ACL that is not defined in the
! posted config (ACL 23 is). A reference to an undefined list typically filters
! nothing, so SSH may be reachable from any source the interface ACLs allow.
! NOTE(review): `privilege level 15` starts every session in privileged mode.
! The type 7 line password is not consulted while `login authentication
! local_auth` is in effect and can be removed.
line vty 0 4
access-class 22 in
exec-timeout 20 0
privilege level 15
password 7 xxxxx
login authentication local_auth
transport preferred none
transport input ssh
!
scheduler allocate 4000 1000
! NTP is taken from 192.168.0.1 with no authentication key configured; log
! timestamps are only as trustworthy as that source.
ntp logging
ntp clock-period 17181293
ntp server 192.168.0.1 prefer
!
end
