Question : Problem: VPN Tunneling with a Cisco 851 on Verizon DSL
I have a Cisco 851 that I've configured to construct a VPN tunnel back to a PIX 515. The 851 is working on Verizon DSL; I can ping out to the internet from the router, but I can ping inside across the tunnel, and none of the machines plugged into the ports on the 851 can ping to the internet. I'm a novice (translation: I don't know what I'm doing but I fake it really well), but I'm 99% certain that everything is correct on the PIX; all the same, I'll copy up any pertinent info asked of me. I'll post a fairly sterilized config off the 851 below; if any gurus can help me out it would be much appreciated!!!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco851
!
boot-start-mar
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
memory-size iomem 25
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.134.1.1 10.134.1.20
!
ip dhcp pool pool1
 network 10.134.1.0 255.255.255.0
 default-router 10.134.1.1
 dns-server 10.2.1.10 10.2.1.20
!
!
ip cef
ip domain name DomainName
ip ssh time-out 45
!
!
crypto pki trustpoint TP-self-signed-1234567890
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1234567890
 revocation-check none
 rsakeypair TP-self-signed-1234567890
!
!
crypto pki certificate chain TP-self-signed-1234567890
 certificate self-signed 01
  30820257 308201C0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  quit
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ********** address 61.123.234.16
!
!
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set level1 esp-des esp-md5-hmac
!
crypto map outside_map 10 ipsec-isakmp
 description Tunnel to Core
 set peer 61.123.234.16
 set transform-set level1
 match address 105
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastE
!
interface FastEthernet4
 description DSL outside interface$ES_WAN$
 ip address 71.123.132.17 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 crypto map outside_map
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.134.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 crypto map outside_map
!
ip classless
ip route 0.0.0.0 0.0.0.0 71.123.132.1
!
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 deny ip 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 100 deny ip 10.134.1.0 0.0.0.255 10.130.1.0 0.0.0.255
access-list 100 deny icmp 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 100 deny icmp 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
access-list 100 permit ip 10.105.1.0 0.0.0.255 any
access-list 100 permit icmp 10.105.1.0 0.0.0.255 any
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
access-list 105 permit icmp 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 105 permit icmp 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
no cdp run
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17179385
ntp server 192.43.244.18
end
Answer : Problem: VPN Tunneling with a Cisco 851 on Verizon DSL
That should be (missed the 5 in the last wildcard mask):
! delete current entries
no access-list 105
access-list 105 permit ip 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 105 permit ip 10.134.1.0 0.0.0.255 10.130.1.0 0.0.0.255
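
A way to catch this kind of mismatch before loading a config, as an added example (not code from the question or the answer): the script compares the source network of every ACL referenced by the crypto map or the NAT rule with the subnet of the interface marked "ip nat inside". The sample config is constructed from lines posted in the question, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the relevant lines from the 851 config posted in the question.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.134.1.1 255.255.255.0
 ip nat inside
crypto map outside_map 10 ipsec-isakmp
 match address 105
ip nat inside source list 100 interface FastEthernet4 overload
access-list 100 deny ip 10.134.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 100 permit ip 10.105.1.0 0.0.0.255 any
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 105 permit ip 10.105.1.0 0.0.0.255 10.130.1.0 0.0.0.255
"""

def inside_networks(config):
    """Subnets of interfaces marked 'ip nat inside' (the LAN side)."""
    nets = []
    for block in re.split(r"(?m)^(?=\S)", config):  # one block per top-level command
        addr = re.search(r"(?m)^ ip address (\S+) (\S+)$", block)
        if addr and re.search(r"(?m)^ ip nat inside$", block):
            nets.append(ipaddress.ip_network("/".join(addr.groups()), strict=False))
    return nets

def referenced_acls(config):
    """ACL numbers used by crypto maps ('match address') and NAT ('source list')."""
    return set(re.findall(r"(?:match address|source list) (\d+)", config))

def stale_entries(config):
    """Return (acl, action, source) for ACL lines whose source is not a LAN subnet.
    Handles numbered extended ACLs with network/wildcard sources only."""
    lan = inside_networks(config)
    wanted = referenced_acls(config)
    bad = []
    pat = r"(?m)^access-list (\d+) (permit|deny) \w+ (\d\S+) (\d\S+) "
    for acl, action, src, wild in re.findall(pat, config):
        # ip_network accepts a wildcard (host) mask as well as a netmask.
        net = ipaddress.ip_network(f"{src}/{wild}", strict=False)
        if acl in wanted and not any(net.overlaps(n) for n in lan):
            bad.append((acl, action, str(net)))
    return bad

if __name__ == "__main__":
    for acl, action, net in stale_entries(SAMPLE_CONFIG):
        print(f"access-list {acl}: {action} source {net} matches no inside interface")
```

On the sample it reports both access-list 105 entries and the access-list 100 permit line, all of which use 10.105.1.0 as the source while Vlan1 is on 10.134.1.0.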