Question : Problem: VPN via Cisco 1700 (loop back interface)
Hi, I am going to post this in this area now to see if there are any Cisco people around.
We recently changed ISPs. Before, our serial IP was a public IP and we connected to it for VPN. However, with our new ISP the serial int is a private address. So we have made a loopback int to house the public IP and do NAT. Now we can't VPN to it. I have gone over the configs with no luck. Please help! We are using the Cisco VPN client. With the config below I can connect and authenticate via the VPN client, but can't pass traffic and can't even ping the router 10.0.0.2.
config:
clock timezone Arizona -7
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
!
ip cef
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group 3000client
 key ********
 dns 10.0.0.81
 wins 10.0.0.81
 domain rcidomain.local
 pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map mymap 99 ipsec-isakmp dynamic dynmap
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Loopback20
 no ip address
!
interface Loopback200
 ip address 64.16.60.81 255.255.255.255
 ip nat outside
 crypto map clientmap
!
interface Ethernet0
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 full-duplex
!
interface FastEthernet0
 ip address 10.0.0.2 255.255.255.0
 ip nat inside
 speed auto
!
interface Serial0
 ip address 172.19.64.46 255.255.255.252
 ip nat outside
 fair-queue
 service-module t1 timeslots 1-24
 crypto map clientmap
!
ip local pool ippool 10.0.2.10 10.0.2.50
ip nat inside source list 198 interface Loopback200 overload
ip nat inside source static tcp 10.0.0.25 49123 64.16.60.84 49123 extendable
ip nat inside source static tcp 10.0.1.2 80 64.16.60.82 80 extendable
ip nat inside source static tcp 10.0.1.2 21 64.16.60.82 21 extendable
ip nat inside source static tcp 10.0.0.99 6000 64.16.60.83 6000 extendable
ip nat inside source static tcp 10.0.0.99 6001 64.16.60.83 6001 extendable
ip nat inside source static tcp 10.0.0.99 6002 64.16.60.83 6002 extendable
ip nat inside source static tcp 10.0.0.99 6003 64.16.60.83 6003 extendable
ip nat inside source static tcp 10.0.0.99 6800 64.16.60.83 6800 extendable
ip nat inside source static tcp 10.0.0.99 6801 64.16.60.83 6801 extendable
ip nat inside source static tcp 10.0.0.99 6802 64.16.60.83 6802 extendable
ip nat inside source static tcp 10.0.0.99 6803 64.16.60.83 6803 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 172.19.64.45
ip http server
no ip http secure-server
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 2 permit 68.98.217.221
access-list 2 permit 69.28.134.100
access-list 2 permit 69.28.134.98
access-list 3 permit 24.251.168.221
access-list 100 permit ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 100 permit ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 110 permit ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 110 permit ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 198 permit ip any any
access-list 198 deny ip 10.0.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 199 permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
snmp-server community ***
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
 password 7 1500580F54382F657961
 login authentication router
 transport preferred telnet
!
Answer : Problem: VPN via Cisco 1700 (loop back interface)
Okay, it looks like you changed crypto map names on us :)
Do this:
no crypto map clientmap local-address Loopback200
crypto map mymap local-address Loopback200
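
Added example, not part of the original thread: a crypto map name mix-up like the one the answer points to can be checked mechanically by cross-referencing which map names have entries, which are bound to interfaces, and which carry a `local-address`. The sample is a constructed excerpt of the config posted in the question; the function names `crypto_map_usage` and `mismatches` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpt of the configuration posted in the question.
SAMPLE = """\
crypto map mymap 99 ipsec-isakmp dynamic dynmap
!
crypto map clientmap client authentication list userauthen
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface Loopback200
 ip address 64.16.60.81 255.255.255.255
 crypto map clientmap
!
interface Serial0
 ip address 172.19.64.46 255.255.255.252
 crypto map clientmap
!
"""

def crypto_map_usage(config):
    """Return {map name: {"entries", "interfaces", "local_address"}}."""
    usage = defaultdict(lambda: {"entries": [], "interfaces": [], "local_address": None})
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a non-indented line leaves interface mode
            m = re.match(r"interface (\S+)$", line)
            iface = m.group(1) if m else None
        if m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            usage[m.group(1)]["entries"].append(int(m.group(2)))
        elif m := re.match(r"crypto map (\S+) local-address (\S+)$", line):
            usage[m.group(1)]["local_address"] = m.group(2)
        elif iface and raw.startswith(" ") and (m := re.match(r"crypto map (\S+)$", line)):
            usage[m.group(1)]["interfaces"].append(iface)
    return dict(usage)

def mismatches(usage):
    """List names that have entries but no interface, or the reverse."""
    out = []
    for name, u in sorted(usage.items()):
        if u["entries"] and not u["interfaces"]:
            out.append(f"{name}: has entries {u['entries']} but is on no interface")
        if u["interfaces"] and not u["entries"]:
            out.append(f"{name}: bound to {u['interfaces']} but has no entries")
    return out

if __name__ == "__main__":
    report = crypto_map_usage(SAMPLE)
    print(report, mismatches(report), sep="\n")
```

Running the same check on the full `show running-config` output before and after a change shows at a glance which map name each interface and each `local-address` statement actually refers to.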