Question : Problem: Config works but will not pass any traffic.  I cannot ping even the inside interface of the vpn tunnel or the client ip


!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname tsdfw
!
logging queue-limit 100
enable password 7 xxx
!
username userx password 7 xxx
aaa new-model
!
!
aaa authentication login vpnauthen local
aaa authorization network vpnauthor local
aaa session-id common
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group tsdvpn
 key pass
 dns xx.xx.xx.xx
 domain covad.net
 pool vpnpool
 acl 111
!
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
!
crypto dynamic-map vpndyn 10
 set transform-set trans2
!
!
crypto map nemap client authentication list vpnauthen
crypto map nemap isakmp authorization list vpnauthor
crypto map nemap client configuration address initiate
crypto map nemap client configuration address respond
crypto map nemap 10 ipsec-isakmp dynamic vpndyn
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0
 ip address 69.3.44.104 255.255.255.248
 ip access-group 117 in
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 half-duplex
 crypto map nemap
!
interface FastEthernet0
 description "Inside" interface with private IP Address
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 ip route-cache policy
 ip policy route-map nonat
 no ip mroute-cache
 speed auto
!
ip local pool vpnpool 10.0.0.50
ip nat pool outsidepool 69.3.44.105 69.3.44.105 netmask 255.255.255.248
ip nat inside source route-map nonat pool outsidepool
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
no ip http secure-server
!
!
!
ip access-list extended group-lock
!
access-list 110 deny   ip 10.0.0.0 0.0.0.255 host 10.0.0.50
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
access-list 117 permit esp any any
access-list 117 permit udp any any eq isakmp
access-list 120 permit ip 10.0.0.0 0.0.0.255 host 10.0.0.50
dialer-list 1 protocol ip permit
!
route-map rmap permit 10
 match ip address 110
!
route-map nonat permit 10
 match ip address 120
 set ip next-hop 1.1.1.2
!
route-map nonat permit 20
!
radius-server authorization permit missing Service-Type
!
line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
end

It is late but I can't seem to figure out why this configuration does not work correctly? I connect using the Cisco VPN client, authenticate and terminate the tunnel. However, I cannot get transparent tunneling or split tunneling to work. I also cannot even ping through the tunnel. This is probably something obvious but I cannot seem to find it.

Thanks,

Troy
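
The following is an added example, not code from the question or from the answer: a small consistency check that reads an IOS configuration and reports names that are referenced in one place but never defined, plus definitions that nothing points at. The embedded `SAMPLE_CONFIG` is an excerpt of the configuration posted above; the regex tables, the function name `find_dangling_references` and the set of statement types it understands are my own and only cover the objects that appear in this config. Run against the posted text it flags one dangling reference: the client configuration group points at `acl 111` (the split-tunnel list under `crypto isakmp client configuration group`), but the only access lists defined are 110, 117, 120 and the empty `group-lock`.

```python
import re
from collections import defaultdict

# Excerpt of the IOS configuration posted in the question, trimmed to the
# statements the checker inspects. Constructed here as the sample input.
SAMPLE_CONFIG = """\
crypto isakmp client configuration group tsdvpn
 pool vpnpool
 acl 111
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
!
crypto dynamic-map vpndyn 10
 set transform-set trans2
!
crypto map nemap 10 ipsec-isakmp dynamic vpndyn
!
interface Ethernet0
 ip access-group 117 in
 crypto map nemap
!
interface FastEthernet0
 ip policy route-map nonat
!
ip local pool vpnpool 10.0.0.50
ip nat pool outsidepool 69.3.44.105 69.3.44.105 netmask 255.255.255.248
ip nat inside source route-map nonat pool outsidepool
!
ip access-list extended group-lock
!
access-list 110 deny   ip 10.0.0.0 0.0.0.255 host 10.0.0.50
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
access-list 117 permit esp any any
access-list 117 permit udp any any eq isakmp
access-list 120 permit ip 10.0.0.0 0.0.0.255 host 10.0.0.50
!
route-map rmap permit 10
 match ip address 110
!
route-map nonat permit 10
 match ip address 120
!
route-map nonat permit 20
"""

# Top-level statements that define a named object. Indented lines never match
# these because every pattern is anchored at column 0.
DEFINITIONS = {
    "acl": re.compile(r"^(?:access-list (\S+)|ip access-list (?:standard|extended) (\S+))"),
    "pool": re.compile(r"^ip local pool (\S+)"),
    "nat-pool": re.compile(r"^ip nat pool (\S+)"),
    "transform-set": re.compile(r"^crypto ipsec transform-set (\S+)"),
    "dynamic-map": re.compile(r"^crypto dynamic-map (\S+)"),
    "crypto-map": re.compile(r"^crypto map (\S+)"),
    "route-map": re.compile(r"^route-map (\S+)"),
}

# Statements that point at an object by name (group 1 is the name).
REFERENCES = {
    "acl": [
        re.compile(r"^\s+acl (\S+)$"),  # split-tunnel list in the client group
        re.compile(r"^\s+ip access-group (\S+) (?:in|out)$"),
        re.compile(r"^\s+match ip address (\S+)$"),
    ],
    "pool": [re.compile(r"^\s+pool (\S+)$")],
    "nat-pool": [re.compile(r"^ip nat inside source .* pool (\S+)")],
    "transform-set": [re.compile(r"^\s+set transform-set (\S+)")],
    "dynamic-map": [re.compile(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)")],
    "crypto-map": [re.compile(r"^\s+crypto map (\S+)$")],
    "route-map": [
        re.compile(r"^\s+ip policy route-map (\S+)$"),
        re.compile(r"^ip nat inside source route-map (\S+)"),
    ],
}


def find_dangling_references(config_text):
    """Return (dangling, unused): names referenced but never defined, and names
    defined but never referenced, each as a sorted list of (kind, name)."""
    defined, referenced = defaultdict(set), defaultdict(set)
    for line in config_text.splitlines():
        for kind, pattern in DEFINITIONS.items():
            m = pattern.match(line)
            if m:  # pick whichever alternative group captured the name
                defined[kind].add(next(g for g in m.groups() if g))
        for kind, patterns in REFERENCES.items():
            for pattern in patterns:
                m = pattern.match(line)
                if m:
                    referenced[kind].add(m.group(1))
    kinds = set(DEFINITIONS) | set(REFERENCES)
    dangling = sorted((k, n) for k in kinds for n in referenced[k] - defined[k])
    unused = sorted((k, n) for k in kinds for n in defined[k] - referenced[k])
    return dangling, unused


if __name__ == "__main__":
    dangling, unused = find_dangling_references(SAMPLE_CONFIG)
    for kind, name in dangling:
        print(f"referenced but not defined: {kind} {name}")
    for kind, name in unused:
        print(f"defined but never referenced: {kind} {name}")
```

To use it on a live box, save the output of `show running-config` to a file and pass its contents to `find_dangling_references` instead of `SAMPLE_CONFIG`. The check is purely syntactic: it catches a name that was mistyped or never created, which silently leaves a feature (here, split tunneling) with no policy to apply, but it says nothing about whether the entries inside a defined list are the ones you want, so it complements rather than replaces reading the ACLs themselves.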

Answer : Problem: Config works but will not pass any traffic.  I cannot ping even the inside interface of the vpn tunnel or the client ip

Just my opinion, but simply adding firewall 'features' to a router does not turn it into a firewall. It is a router with extra features. I would not put my business behind one. My configuration example above is fairly loose, because I have two PIX firewalls behind it.