Question : Problem: VPN Client Got connected, But cannot access the LAN behind the router

Dear Folks,

I configured VPN on my Cisco ISR 2811. Using the VPN client I can connect to the network, but I can't access any of my LAN resources. It's not pinging either.

Please give suggestion to resolve this issue. Thanks in advance. Please find the config below

Username: admin
Password:

ROUTER1#sh run
Building configuration...

Current configuration : 4530 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER1
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
aaa new-model
!
!
aaa authentication login test local
aaa authorization network vpngroup local
!
aaa session-id common
!
ip cef
!
ip name-server X.X.X.X
ip name-server X.X.X.X
!
multilink bundle-name authenticated
!
voice-card 0
 no dspfarm
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 authentication pre-share

crypto isakmp policy 3
 hash md5
 authentication pre-share
crypto isakmp key XXXXXXX address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 20
crypto isakmp nat keepalive 20
crypto isakmp client configuration address-pool local abc
!
crypto isakmp client configuration group vpngroup
 key XXXXXXX
 pool abc
 acl 110
 save-password
!
crypto ipsec transform-set setA esp-des esp-md5-hmac
!
crypto dynamic-map mapA 1
 set transform-set setA
!
!
crypto map mapA client authentication list test
crypto map mapA isakmp authorization list vpngroup
crypto map mapA client configuration address initiate
crypto map mapA client configuration address respond
crypto map mapA 1 ipsec-isakmp dynamic mapA
!
username admin privilege 15 secret 5 $1$3DJB$yqX5DdryifsV/6pcWQhfG/
username Router1o privilege 15 secret 5 $1$aZPP$uaETE1AMOQYV4zVST1wN.1
!
interface Loopback0
 ip address 192.168.1.2 255.255.255.0
 ip route-cache flow
!
interface FastEthernet0/0
 description $FW_INSIDE$
 ip address 10.10.150.12 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 no ip mroute-cache
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1/0
 no ip address
 ip route-cache flow
 shutdown
 no fair-queue
 clock rate 2000000
!
interface ATM0/2/0
 no ip address
 ip route-cache flow
 atm vc-per-vp 128
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
  pppoe-client dial-pool-number 1
 !

interface Dialer0
 no ip address
 ip route-cache flow
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 ip mtu 1442
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 ip tcp adjust-mss 1394
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap refuse
 ppp pap sent-username [email protected] password 0 XXXXX
 crypto map mapA
!
ip local pool abc 192.168.250.1 192.168.250.254
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip nat inside source list 150 interface Dialer1 overload

ip nat inside source static tcp 10.10.150.32 8086 interface Dialer1 80
ip nat inside source static tcp 10.10.150.8 7000 interface Dialer1 7000
ip nat inside source static tcp 10.10.150.17 21 interface Dialer1 21
ip nat inside source static tcp 10.10.150.32 443 interface Dialer1 5443
ip nat inside source static tcp 10.10.150.32 21 interface Dialer1 2101
ip nat inside source static tcp 10.10.150.88 21 interface Dialer1 2102
ip nat inside source static tcp 10.10.150.88 3007 interface Dialer1 3007
ip nat inside source static tcp 10.10.150.88 6600 interface Dialer1 6600
ip nat inside source static tcp 10.10.150.32 8181 interface Dialer1 8181
ip nat inside source static tcp 10.10.150.32 8085 interface Dialer1 8085
!
!
access-list 23 permit 10.10.150.69
access-list 110 permit ip 192.168.254.0 0.0.0.255 10.10.150.0 0.0.0.255
access-list 150 deny   ip 10.10.150.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 150 permit ip 10.10.150.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
 password xxxxx
line aux 0
line 0/3/0
 no exec
line vty 0 4
 privilege level 15
 password XXXXXX
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000

!
webvpn cef
!

Answer : Problem: VPN Client Got connected, But cannot access the LAN behind the router

Looks like your crypto and NAT access-lists don't match your VPN pool. Try making this change:

no access-list 110
access-list 110 permit ip 10.10.150.0 0.0.0.255 192.168.250.0 0.0.0.255

no access-list 150
access-list 150 deny ip 10.10.150.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 150 permit ip 10.10.150.0 0.0.0.255 any

Also, are you using 192.168.1.x on your local LAN?  If so, it conflicts with the loopback0 interface on the VPN router.
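
An offline check for the mismatch the answer points out, added here as an example (not part of the original thread): it reports whether the client group's ACL and the NAT ACL treat the VPN pool the way the answer's corrected lines do. The function names and the trimmed config strings are constructed for illustration, and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: the lines from the question's running-config that matter here.
COMMON = """\
crypto isakmp client configuration group vpngroup
 pool abc
 acl 110
ip local pool abc 192.168.250.1 192.168.250.254
ip nat inside source list 150 interface Dialer1 overload
"""
QUESTION_CFG = COMMON + """\
access-list 110 permit ip 192.168.254.0 0.0.0.255 10.10.150.0 0.0.0.255
access-list 150 deny   ip 10.10.150.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 150 permit ip 10.10.150.0 0.0.0.255 any
"""
# The same config with the ACL lines from the answer.
FIXED_CFG = COMMON + """\
access-list 110 permit ip 10.10.150.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 150 deny ip 10.10.150.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 150 permit ip 10.10.150.0 0.0.0.255 any
"""
ACE = re.compile(r"^access-list (\d+) (permit|deny)\s+ip (\S+) (\S+) (any|\S+ \S+)$", re.M)

def wild_net(addr, wildcard):
    """Turn 'address wildcard' into a network (assumes a contiguous wildcard)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def first_action_for_pool(cfg, acl, lo, hi):
    """Action of the first entry in `acl` whose destination covers the whole pool."""
    for num, action, _src, _swild, dst in ACE.findall(cfg):
        if num != acl:
            continue
        if dst == "any" or all(ip in wild_net(*dst.split()) for ip in (lo, hi)):
            return action
    return None

def check(cfg):
    """Return a list of problems; an empty list means both ACLs match the pool."""
    m = re.search(r"^ip local pool \S+ (\S+) (\S+)$", cfg, re.M)
    lo, hi = (ipaddress.IPv4Address(a) for a in m.groups())
    split_acl = re.search(r"^ acl (\d+)$", cfg, re.M).group(1)
    nat_acl = re.search(r"^ip nat inside source list (\d+) ", cfg, re.M).group(1)
    problems = []
    if first_action_for_pool(cfg, split_acl, lo, hi) != "permit":
        problems.append(f"ACL {split_acl} (client group) does not permit traffic to the pool")
    if first_action_for_pool(cfg, nat_acl, lo, hi) != "deny":
        problems.append(f"ACL {nat_acl} (NAT) does not exempt traffic to the pool")
    return problems

if __name__ == "__main__":
    print(check(QUESTION_CFG), check(FIXED_CFG))
```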