
cisco 887 vpn setup

Fotiosmark
Level 1

Hello guys,

I have a simple design of a Cisco 887 on ADSL, set up with a dialer etc. I am trying to make a VPN so that one PC from outside can connect and see the internal network 172.20.20.0 255.255.254.0.

The config for the VPN is below:

************************************************************************************************


aaa new-model
aaa session-id common

aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local

username vpn_user password 0 user

ip local pool vpn_client_pool 172.20.21.11 172.20.21.19
ip dhcp excluded-address 172.20.21.11 172.20.21.19

ip access-list extended vpn_resources
permit ip 172.20.0.0 0.0.255.255 any


crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group myvpn
key cisco
pool vpn_client_pool
acl vpn_resources
max-users 10

crypto ipsec transform-set vpn_transform esp-3des esp-sha-hmac
!
crypto ipsec profile vpn_profile
set transform-set vpn_transform
!

interface Virtual-Template2 type tunnel
ip unnumbered Vlan1
tunnel mode ipsec ipv4
tunnel protection ipsec profile vpn_profile
!

crypto isakmp profile vpn_ike_profile
   match identity group myvpn
   client authentication list vpn_xauth_ml_1
   isakmp authorization list vpn_group_ml_1
   client configuration address respond
   virtual-template 2

***************************************************************************************************

Now the issue is that it works, and it connects, but I can only ping the default gateway of Vlan1 on the router 172.20.20.252 and another PC that I am connecting to that same VPN but nothing else on the network!!! I have tried absolutely everything.....!!!

The config of the router is below:

***************************************************************************************************

Building configuration...

Current configuration : 4481 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxxxxx
!
boot-start-marker
boot-end-marker
!
no logging console
enable password xxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-1943662963
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1943662963
revocation-check none
rsakeypair TP-self-signed-1943662963
!
!
crypto pki certificate chain TP-self-signed-1943662963
certificate self-signed 01
        quit
dot11 syslog
no ip source-route
ip cef
!
!
!
!
no ip bootp server
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
!
username xxxxx password 0 xxxxxxx
username xxxx privilege 15 password 0 xxxxx
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 172.20.20.252 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxx
ppp chap password 0 o-7d3yr
ppp pap sent-username xxxxxxxxxxxx password 0 xxxxxxxxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 172.20.20.2 8088 interface Dialer0 8088
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.0.0 0.0.255.255
access-list 100 permit tcp host (my internalPublic IP) host (RouterPublicIP) eq 8088
access-list 100 permit tcp host (my internalPublic IP) host (RouterPublicIP) eq telnet
access-list 100 permit tcp host (my internalPublic IP) host (RouterPublicIP) eq www
access-list 100 deny   tcp any host (RouterPublicIP) eq 8088
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
snmp-server community private RW
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end

Hope there is someone that can give me any advice! I am stumped!

Thank you!!!
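
An added example, not part of the original post and not Cisco's own tooling: the posted `vpn_client_pool` (172.20.21.11 to 172.20.21.19) lies inside the Vlan1 subnet 172.20.20.0/23, and Vlan1 carries `no ip proxy-arp`, so LAN hosts ARP for a VPN client's address on their own segment and the router does not answer for it. The check below finds that combination in a configuration; the function names and the trimmed `CONFIG` excerpt are assumptions made for the example.

```python
import ipaddress
import re

# Constructed excerpt: only the lines of the posted configuration that matter here.
CONFIG = """\
ip local pool vpn_client_pool 172.20.21.11 172.20.21.19
interface Vlan1
ip address 172.20.20.252 255.255.254.0
no ip proxy-arp
!
interface Dialer0
ip address negotiated
no ip proxy-arp
"""

def parse_pools(text):
    """Return {pool_name: (first_ip, last_ip)} from 'ip local pool' lines."""
    pools = {}
    for m in re.finditer(r"^ip local pool (\S+) (\S+) (\S+)$", text, re.M):
        pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                             ipaddress.ip_address(m.group(3)))
    return pools

def parse_interfaces(text):
    """Return {ifname: {'network': IPv4Network or None, 'proxy_arp': bool}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            cur = s.split(None, 1)[1]
            ifaces[cur] = {"network": None, "proxy_arp": True}  # IOS default is on
        elif s == "!":
            cur = None                       # "!" closes the interface stanza
        elif cur and s == "no ip proxy-arp":
            ifaces[cur]["proxy_arp"] = False
        elif cur and (m := re.match(r"ip address (\d\S*) (\d\S*)$", s)):
            ifaces[cur]["network"] = ipaddress.ip_interface(
                f"{m.group(1)}/{m.group(2)}").network
    return ifaces

def pool_overlaps(text):
    """List (pool, interface, proxy_arp_enabled) where the pool is on-link for the interface."""
    hits = []
    for name, (first, last) in parse_pools(text).items():
        for ifname, info in parse_interfaces(text).items():
            net = info["network"]
            if net is not None and (first in net or last in net):
                hits.append((name, ifname, info["proxy_arp"]))
    return hits
```

An empty result means the pool is routed rather than on-link for every addressed interface; a hit with the last field `False` is the case described above.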

1 Reply

Kelli Glass
Community Manager

Fotios,

I recommend you look at these threads in the Cisco Support Community for more information on setting up your router.

Search - Cisco Support Community

I hope this helps.

Kelli Glass

Moderator for Cisco Customer Communities
