Topics - mokenned

Hello,

I have configured an Easy VPN server and a remote client router for teleworkers. The VPN tunnel establishes, but from 192.168.30.0/24 I cannot ping or reach resources on 192.168.10.0/24, which is connected to the VPN server router. A network diagram is attached.

The configuration is based on a guide linked in the original post (the link is hidden from guests).



EzVPN-Server#sh run
Building configuration...


Current configuration : 3515 bytes
!
! Running configuration of the Easy VPN server (hub) router, as posted.
! Lines beginning "! NOTE(review)" are reviewer annotations, not device output.
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Type 7 encoding is reversible obfuscation: it hides passwords from casual
! viewing only and gives no protection once the configuration is disclosed.
service password-encryption
!
hostname EzVPN-Server
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
! NOTE(review): type 5 is a salted MD5-crypt hash. A hash that has been posted
! publicly is exposed to offline guessing, so the secret should be rotated;
! newer secret types (8/9) are preferable where the image offers them - verify.
enable secret 5 $1$NhzO$Kd11RkFZY1xI6T1vfKTI0.
!
aaa new-model
!
! Both login lists use the local user database. USER_AAA is the xauth list and
! GROUP_AAA the group-authorization list referenced by crypto map INT_MAP below;
! USERLIST is not referenced anywhere in this listing.
aaa authentication login USER_AAA local
aaa authentication login USERLIST local
aaa authorization network GROUP_AAA local
!
aaa session-id common
memory-size iomem 15
!
ip dhcp excluded-address 192.168.10.1 192.168.10.50
!
ip dhcp pool Inside-LAN
 import all
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 9.9.9.9
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
! The only local account in this listing. Because USER_AAA resolves to "local",
! this account is also what VPN xauth is checked against.
username admin secret 5 $1$ogrE$UQS7SIfOMziIamJZnV5L/0
!
redundancy
!
! IKEv1 phase 1 proposal: 3DES, MD5, pre-shared key, DH group 2.
! NOTE(review): these are legacy algorithms. AES with a SHA-2 hash and DH group
! 14 or higher is the usual baseline today - confirm what the Easy VPN client
! image will negotiate before changing the policy.
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
! Dead-peer detection: keepalive every 90 s, retry interval 12 s.
crypto isakmp keepalive 90 12
!         
! Easy VPN group policy pushed to clients that present group name VPN1.
! NOTE(review): the group key is short, numeric, and published with this post.
! It is the shared secret for the whole group, so replace it with a long random
! value on both routers.
! "acl SPLIT_T" is the split-tunnel list; "save-password" permits the client to
! store its xauth password, which the client configuration in this post does.
crypto isakmp client configuration group VPN1
 key 1234567890
 dns 9.9.9.9
 pool VPN-POOL
 acl SPLIT_T
 save-password
!
! IPsec (phase 2) protection: ESP with 3DES and HMAC-MD5, tunnel mode.
! NOTE(review): legacy algorithms, same remark as for the ISAKMP policy.
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
 mode tunnel
!
! Dynamic map entry for peers whose address is not known in advance.
! SA lifetime: 530000000 kilobytes or 14400 seconds.
! NOTE(review): no "reverse-route" here, so no route is injected for the client
! side; return traffic follows the default route out GigabitEthernet0/0.
crypto dynamic-map INT_MAP 1
 set security-association lifetime kilobytes 530000000
 set security-association lifetime seconds 14400
 set transform-set TRANSFORM-1
!
!
! Crypto map glue: xauth against USER_AAA, group lookup via GROUP_AAA, answer
! client mode-config address requests, and hand all peers to the dynamic map.
crypto map INT_MAP client authentication list USER_AAA
crypto map INT_MAP isakmp authorization list GROUP_AAA
crypto map INT_MAP client configuration address respond
crypto map INT_MAP 30000 ipsec-isakmp dynamic INT_MAP
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
! Internet-facing interface: NAT outside and IPsec termination on the same port.
! NOTE(review): no inbound access-group is shown, so the management services
! enabled further down are reachable from this side unless filtered elsewhere.
interface GigabitEthernet0/0
 description INTERNET#
 ip address 5.5.5.5 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map INT_MAP
!
! Server-side LAN (192.168.10.0/24), NAT inside.
interface GigabitEthernet0/1
 description INSIDE-LAN#
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet1/0
 no ip address
 shutdown
!
interface GigabitEthernet1/1
 description Internal switch interface connected to Service Module
 no ip address
!
interface Vlan1
 no ip address
!
!
! Address pool handed to clients of group VPN1.
ip local pool VPN-POOL 192.168.100.100 192.168.100.200
ip forward-protocol nd
!
! NOTE(review): cleartext HTTP management is on and HTTPS is off; no
! "ip http access-class" or "ip http authentication" line appears in this listing.
ip http server
no ip http secure-server
!
! PAT for the LAN behind GigabitEthernet0/0.
! NOTE(review): standard ACL 1 matches on source only, so replies from
! 192.168.10.0/24 to VPN peers (the 192.168.100.x pool or the client's
! 192.168.30.0/24 subnet) are translated as well. On IOS, inside-to-outside NAT
! is applied before the crypto map, so translated replies no longer match the
! IPsec SA. This is a likely cause of the symptom described in the post; the
! usual remedy is an extended ACL or route-map that denies LAN-to-VPN
! destinations ahead of the permit.
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 5.5.5.1
!
! Split-tunnel list: destinations the client sends through the tunnel.
! NOTE(review): 192.168.0.0/16 also covers the client's own 192.168.30.0/24 LAN
! and the 192.168.100.x pool. Limiting the entry to 192.168.10.0 0.0.0.255 would
! keep only the server LAN in the tunnel - confirm against the intended design.
ip access-list extended SPLIT_T
 permit ip 192.168.0.0 0.0.255.255 any
!
! NAT source list used by the overload rule above.
access-list 1 permit 192.168.10.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
gatekeeper
 shutdown
!
! "exec-timeout 0 0" disables the idle timeout on the console session.
line con 0
 exec-timeout 0 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 67
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
 flowcontrol software
! NOTE(review): "transport input all" accepts Telnet as well as SSH, the line
! password is stored as reversible type 7, and no access-class restricts source
! addresses. With "aaa new-model" the login method comes from AAA - verify which
! list the vty lines actually use.
line vty 0 4
 password 7 03055F060F01
 transport input all
!
scheduler allocate 20000 1000
!
end


EzVPN-Client#sh run
Building configuration...

Current configuration : 3459 bytes
!
! Last configuration change at 17:56:46 UTC Tue Jul 15 2014
! Running configuration of the Easy VPN remote (spoke) router, as posted.
! Lines beginning "! NOTE(review)" are reviewer annotations, not device output.
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
! Every password in this file is stored and displayed in clear text.
no service password-encryption
!
hostname EzVPN-Client
!
boot-start-marker
boot-end-marker
!
!
! Local log buffer disabled, and no "logging host" appears in this listing, so
! tunnel and login events are not retained anywhere shown here.
no logging buffered
! NOTE(review): clear-text enable password, and the same string is reused for
! the local user, the vty line and the xauth login below. "enable secret" with
! distinct, strong values is the expected form.
enable password admin
!
no aaa new-model
!
ip cef
!
!
!         
!


!
ip dhcp excluded-address 192.168.30.1 192.168.30.15
!
! DHCP scope for the teleworker LAN.
ip dhcp pool INSIDE
 import all
 network 192.168.30.0 255.255.255.0
 default-router 192.168.30.1
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
! NOTE(review): privilege-15 account with a type 0 (clear-text) password;
! "username ... secret" stores a hash instead.
username admin privilege 15 password 0 admin
!
redundancy
!
! Easy VPN remote profile: connects automatically to peer 5.5.5.5 as group VPN1.
! "mode network-plus" is network-extension mode plus a mode-config address
! request, so the 192.168.30.0/24 LAN is presented to the server un-translated.
! NOTE(review): the group key and the xauth username/password are saved in the
! configuration ("xauth userid mode local" uses the saved credentials), so
! anyone who can read this file holds everything needed to join the VPN.
crypto ipsec client ezvpn CLIENT1
 connect auto
 group VPN1 key 1234567890
 mode network-plus
 peer 5.5.5.5
 username admin password admin
 xauth userid mode local
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
! WAN side: DHCP-assigned address, Easy VPN outside interface.
! NOTE(review): there is no "ip nat outside" on this interface in the listing.
interface GigabitEthernet0/0
 description $ETH-WAN$
 ip address dhcp
 duplex auto
 speed auto
 crypto ipsec client ezvpn CLIENT1
!
! LAN side: Easy VPN inside interface, also marked NAT inside.
interface GigabitEthernet0/1
 description $ETH-LAN$
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto ipsec client ezvpn CLIENT1 inside
!
! NOTE(review): profile CLIENT1 has no "virtual-interface" line, so this
! template is not referenced by anything in the listing.
interface Virtual-Template2 type tunnel
 no ip address
 tunnel mode ipsec ipv4
!
ip forward-protocol nd
!
! HTTP and HTTPS management are both enabled and authenticate against the local
! user database (the admin account above); no "ip http access-class" is shown.
ip http server
ip http authentication local
ip http secure-server
!
! NOTE(review): with no "ip nat outside" interface in this listing, this rule
! would not translate anything as shown - confirm whether Internet access for
! the LAN (split tunnelling) is intended and how it is meant to be translated.
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
access-list 1 permit 192.168.30.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
! NOTE(review): clear-text line password, Telnet permitted by "transport input
! all", and no access-class limiting who may connect.
line vty 0 4
 password admin
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

EzVPN-Client#




