help vpn

    mariox79
    Member
    #116662

    Can anyone help me set up a VPN correctly?
    On my home PC I use the Cisco VPN client. In my office I have a Cisco 837 that I configured to set up the VPN.
    The tunnel comes up correctly and my home PC receives an IP address from the local pool configured on the 837, but I cannot ping the LAN PCs behind the 837… why?
    This is my config:
    Thanks in advance!

    Building configuration…

    Current configuration : 4722 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! Password obfuscation is off: every "password 0" / plain "password" value in this
    ! configuration is stored and displayed in clear text.
    ! NOTE(review): turning on service password-encryption only adds reversible type 7
    ! encoding; prefer the "secret" forms where the image offers them.
    no service password-encryption
    !
    hostname cisco-vpn
    !
    boot-start-marker
    boot-end-marker
    !
    ! Type 5 enable secret (salted MD5-crypt hash).
    ! NOTE(review): the hash is part of a public post; treat the enable password as
    ! disclosed and replace it.
    enable secret 5 $1$VAeI$mTduUojniuH.Xx5usgf57e
    !
    aaa new-model
    !
    !
    ! Named method lists referenced by crypto map CRYPTO-VPN: VPN user login (XAUTH)
    ! and group authorization are both checked against the router's local database.
    aaa authentication login LISTA-UTENTI-VPN local
    aaa authorization network GRUPPO-UTENTI-VPN local
    aaa session-id common
    !
    resource manager
    !
    ip subnet-zero
    no ip gratuitous-arps
    !
    !
    no ip dhcp use vrf connected
    !
    ! LAN DHCP scope for 10.100.100.0/24, the subnet configured on Ethernet0.
    ! NOTE(review): no "ip dhcp excluded-address" is visible, so this scope also
    ! contains 10.100.100.28-30, the range VPN-CLIENT-POOL hands to VPN clients;
    ! the same address could end up leased to a LAN host - confirm.
    ip dhcp pool miopool
    import all
    network 10.100.100.0 255.255.255.0
    default-router 10.100.100.1
    dns-server 151.11.99.3
    !
    !
    ip dhcp update dns both
    ip cef
    ip name-server 151.11.99.3
    ! Dynamic DNS update method "DynDNS", sent over HTTP.
    ! The update URL uses plain http:// and carries the account credentials in its
    ! user-info part, so they cross the network unencrypted.
    ! NOTE(review): part of the URL was replaced by the forum's e-mail obfuscation
    ! ("[email protected]"); if the original post exposed the password, change it.
    ip ddns update method DynDNS
    HTTP
    add http://mariox79:[email protected]@dyndns.org/nic/update^Vsystem=dyndns&hostname=xc0mvpn.dyndns.org&myip=&wildcard=OFF
    interval maximum 1 0 0 0
    !
    ip dhcp-client update dns server both
    !
    no ftp-server write-enable
    !
    !
    ! Local user database entry; the "local" AAA lists above authenticate against it.
    ! The password is type 0 (clear text) and is now public - replace it, using the
    ! "secret" form if the image supports it.
    username mario password 0 miapwd
    !
    !
    !
    ! IKE phase 1 proposals: both use 3DES with pre-shared-key authentication;
    ! policy 10 offers DH group 5, policy 20 offers DH group 2.
    ! NOTE(review): 3DES and DH group 2 are legacy choices; move to AES and a larger
    ! group if the VPN client and this image support them - confirm.
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 5
    !
    crypto isakmp policy 20
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration address-pool local VPN-CLIENT-POOL
    !
    ! Remote-access client group "mariovpn".
    !   key  - the group pre-shared key, stored in clear text; it is a short word and
    !          is now public, so replace it with a long random value.
    !   pool - clients receive addresses from VPN-CLIENT-POOL.
    !   acl  - ACL 106 is the list pushed to the client for this group
    !          (NOTE(review): presumably the split-tunnel list - confirm).
    crypto isakmp client configuration group mariovpn
    key mariopass
    pool VPN-CLIENT-POOL
    acl 106
    !
    !
    ! IPsec transform sets: "myset" is single DES with HMAC-MD5, "myset1" is 3DES with
    ! HMAC-MD5.
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto ipsec transform-set myset1 esp-3des esp-md5-hmac
    !
    ! Empty IPsec profile; nothing in the visible configuration references it.
    crypto ipsec profile CRYPTO-VPN
    !
    !
    ! Dynamic map used for the VPN clients. It selects "myset" (single DES); "myset1"
    ! is defined above but not referenced anywhere in the visible configuration.
    ! NOTE(review): single DES does not provide meaningful confidentiality; select the
    ! strongest transform set the client accepts.
    ! reverse-route installs a route towards each connected client.
    crypto dynamic-map VPNDYNAMIC 1
    set transform-set myset
    reverse-route
    !
    !
    ! Crypto map CRYPTO-VPN: user authentication via LISTA-UTENTI-VPN, group
    ! authorization via GRUPPO-UTENTI-VPN, respond to client address requests, and
    ! use the dynamic map VPNDYNAMIC for incoming peers.
    crypto map CRYPTO-VPN client authentication list LISTA-UTENTI-VPN
    crypto map CRYPTO-VPN isakmp authorization list GRUPPO-UTENTI-VPN
    crypto map CRYPTO-VPN client configuration address respond
    crypto map CRYPTO-VPN 1 ipsec-isakmp dynamic VPNDYNAMIC
    !
    !
    !
    ! LAN interface, 10.100.100.220/24, NAT inside.
    ! ACL 105 is applied inbound; as written it permits all IP traffic, so it does
    ! not filter anything.
    ! NOTE(review): VPN clients are given 10.100.100.28-30, addresses inside this
    ! subnet. LAN hosts will ARP for those addresses on the wire, and with
    ! "no ip proxy-arp" here the router presumably does not answer for the clients -
    ! a likely contributor to the reported ping failure. Verify, or move the VPN pool
    ! to a subnet of its own.
    ! NOTE(review): the crypto map is also bound to this inside interface; confirm
    ! that is intended, since the clients connect through Dialer0.
    interface Ethernet0
    ip address 10.100.100.220 255.255.255.0
    ip access-group 105 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    no ip mroute-cache
    crypto map CRYPTO-VPN
    hold-queue 100 out
    !
    ! Unused interface, administratively shut down.
    interface Ethernet2
    no ip address
    shutdown
    hold-queue 100 out
    !
    ! DSL physical interface: PVC 8/35 carries PPP (aal5mux) bound to dialer pool 1.
    interface ATM0
    no ip address
    no ip mroute-cache
    no atm ilmi-keepalive
    dsl operating-mode auto
    pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    ! Switch ports: FastEthernet1 is enabled, FastEthernet2-4 are shut down.
    interface FastEthernet1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet3
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet4
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ! WAN interface: PPP over dialer pool 1, negotiated address, NAT outside, and the
    ! crypto map that terminates the VPN clients.
    ! No "ip access-group" is configured here, so none of the ACLs defined in this
    ! configuration filters traffic arriving from the Internet.
    ! The PPP CHAP/PAP credentials are type 0 (clear text) and are now public.
    ! NOTE(review): the DDNS hostname here (marioxx.dyndns.org) differs from the one
    ! in the update URL (xc0mvpn.dyndns.org) - possibly edited for posting; confirm.
    interface Dialer0
    ip ddns update hostname marioxx.dyndns.org
    ip ddns update DynDNS host members.dyndns.org
    ip address negotiated
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip mroute-cache
    dialer pool 1
    no fair-queue
    ppp chap hostname TELECOM
    ppp chap password 0 pippo
    ppp pap sent-username TELECOM password 0 pippo
    crypto map CRYPTO-VPN
    !
    ! Address range handed to VPN clients. It lies inside 10.100.100.0/24, which is
    ! both the Ethernet0 subnet and the network of DHCP pool "miopool".
    ip local pool VPN-CLIENT-POOL 10.100.100.28 10.100.100.30
    ip classless
    ! Default route out of the WAN interface.
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ! Web management: the clear-text HTTP server is on, the HTTPS server is off, and
    ! no "ip http access-class" is visible.
    ! NOTE(review): with no inbound ACL on Dialer0 this service is presumably
    ! reachable from the Internet - disable it or restrict it to the LAN.
    ip http server
    no ip http secure-server
    !
    ! PAT: sources matching ACL 125 are translated to the Dialer0 address.
    ! NOTE(review): ACL 125 matches everything sourced from 10.100.100.0/24, which
    ! includes replies from LAN hosts to VPN clients leaving via Dialer0. If those
    ! replies are translated they no longer match the tunnel's traffic selectors.
    ! Exempt traffic destined to the VPN pool from NAT - confirm against
    ! "show ip nat translations" while a client is connected.
    ip nat inside source list 125 interface Dialer0 overload
    !
    ! ACLs 1, 25, 100 and 111 are not referenced anywhere in the visible configuration.
    access-list 1 permit 10.100.100.0 0.0.0.255
    access-list 25 permit any
    ! The 127.0.0.0 entry uses wildcard 0.0.0.255, so it matches only 127.0.0.0/24
    ! (ACL 101 below uses 0.255.255.255 for the whole loopback range).
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.0.0.255 any
    access-list 100 permit ip any any
    ! ACL 101 reads like an Internet-facing inbound filter, but no interface in the
    ! visible configuration applies it.
    ! NOTE(review): if it is applied inbound on Dialer0, note that it permits only
    ! UDP isakmp for the VPN; ESP (and UDP 4500 for NAT traversal) would also be
    ! needed for the clients' data traffic - confirm.
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 permit tcp any any eq 7954
    access-list 101 permit udp any any eq 23580
    access-list 101 permit udp any any eq 4673
    access-list 101 permit udp any any eq isakmp log
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip any any log
    ! Entries are evaluated top-down and the line above matches all IP traffic, so
    ! the four entries below can never match. The 10.100.100.0 deny is in any case
    ! already covered by the 10.0.0.0 entry earlier in the list.
    access-list 101 deny ip 10.100.100.0 0.0.0.255 any
    access-list 101 permit tcp any any eq 6881
    access-list 101 permit tcp any any eq www
    access-list 101 permit tcp any any eq 6882
    ! ACL 105 (inbound on Ethernet0): the first entry permits all IP, so the GRE
    ! entry is never reached and the list filters nothing.
    access-list 105 permit ip any any
    access-list 105 permit gre any any
    ! ACL 106 is the list referenced by VPN group "mariovpn".
    access-list 106 permit ip 10.100.100.0 0.0.0.255 any
    access-list 111 permit ip 10.100.100.0 0.0.0.255 any
    ! ACL 125 selects the traffic translated by the NAT overload rule.
    access-list 125 permit ip 10.100.100.0 0.0.0.255 any
    no cdp run
    !
    !
    control-plane
    !
    !
    ! Console line: no password or login method is configured in the visible lines.
    line con 0
    no modem enable
    transport preferred all
    transport output all
    line aux 0
    ! Remote management lines (vty 0-4).
    ! The line password is stored in clear text and is now public.
    ! "transport input all" accepts every supported protocol, Telnet included, so
    ! management sessions and credentials can cross the network unencrypted.
    ! No "access-class" is visible, so source addresses are not restricted.
    ! NOTE(review): with "aaa new-model" and no default login list in the visible
    ! configuration, confirm which method actually authenticates vty logins; limit
    ! input to SSH if the image supports it and add an access-class.
    line vty 0 4
    password mar10
    transport preferred all
    transport input all
    transport output all
    !
    scheduler max-task-time 5000
    end
