I am having problems setting up a VPN connection from a remote site to a central office using a 1760 router. The client is using EasyVPN client software and the connection is DSL. The settings at the remote site are correct; however, when the remote client starts, I get a "Secure VPN connection terminated locally by the client. The remote peer is no longer responding." I have currently removed all VPN programming from the router, but below is a config with what I set up. I think the programming has gone a little astray! I am going to have another go at it with a different configuration, but would appreciate it if anyone can spot any obvious errors with the config.
Cheers
! Last configuration change at 16:24:08 UTC Sat Sep 18 2004 by netcon
! NVRAM config last updated at 18:44:33 UTC Thu Sep 16 2004
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$maBr$pEPwuWy5yKMKnLP4kazc8/
enable password 7 130F16405C06167A7E293A6366
!
username ****** privilege 15 secret 5 $1$c19Z$Pyib8ceoSL.drGYA7L1HK/
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
no ip source-route
!
ip domain name yourdomain.com
ip name-server <dns server>
ip name-server <dns server>
ip cef
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name standard cuseeme
ip inspect name standard ftp
ip inspect name standard h323
ip inspect name standard http
ip inspect name standard rcmd
ip inspect name standard realaudio
ip inspect name standard smtp
ip inspect name standard sqlnet
ip inspect name standard streamworks
ip inspect name standard tcp
ip inspect name standard tftp
ip inspect name standard udp
ip inspect name standard vdolive
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 lifetime 3600
!
crypto isakmp client configuration group nclvpn
 key 6 123456789
 dns 212.85.249.130
 pool nclvpnpool
 acl 104
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface ATM0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0/0
 description LAN Port
 ip address 192.168.42.1 255.255.255.0
 ip access-group 103 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip inspect standard in
 ip route-cache flow
 speed auto
 full-duplex
 no cdp enable
!
interface Ethernet1/0
 description DMZ Port
 ip address 192.168.43.1 255.255.255.0
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 full-duplex
 no cdp enable
!
interface Dialer0
 no ip address
 no cdp enable
!
interface Dialer1
 description ADSL Internet Port
 ip address *.*.*.* *.*.*.*
 ip access-group 104 in
 ip nat outside
 ip inspect standard in
 ip inspect DEFAULT100 out
 encapsulation ppp
 no ip route-cache same-interface
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname *******
 ppp chap password *******
 crypto map clientmap
!
router rip
 network 192.100.42.0
 network 192.168.42.0
 network 192.168.43.0
!
ip local pool nclvpnpool 192.168.42.100 192.168.42.110
ip nat pool outsidepool <public ip address> <public ip address> netmask 255.255.255.0
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source route-map nonat pool outsidepool
ip nat inside source static tcp 192.168.42.1 23 interface Dialer1 23
ip nat inside source static tcp 192.168.42.64 80 interface Dialer1 80
ip nat inside source static tcp 192.168.42.18 25 interface Dialer1 25
ip nat inside source static udp 192.168.42.1 500 <public ip address> 500 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.100.42.0 255.255.255.0 192.168.42.7
ip http server
ip http authentication local
no ip http secure-server
!
!
!
access-list 101 remark PERMITTED INBOUND INTERNET TRAFFIC
access-list 101 permit udp any any eq isakmp
access-list 101 permit tcp any host 192.168.42.1 eq telnet
access-list 101 permit tcp any host 192.168.42.18 eq smtp
access-list 101 permit tcp any host 192.168.42.64 eq www
access-list 101 permit tcp any host 192.168.42.64 eq 8081
access-list 101 permit tcp any host 192.168.42.64 eq 8084
access-list 101 permit ip 192.168.42.0 0.0.0.255 any
access-list 101 permit ip 192.100.42.0 0.0.0.255 any
access-list 101 permit icmp any any
access-list 101 deny ip any any
access-list 103 permit tcp any host 192.168.42.18 eq smtp
access-list 103 permit icmp any any
access-list 103 permit ip 192.168.42.0 0.0.0.255 any
access-list 103 permit ip 192.100.42.0 0.0.0.255 any
access-list 103 deny ip any any
access-list 104 remark NCL VPN
access-list 104 permit tcp any any eq smtp
access-list 104 permit udp any any eq isakmp
access-list 104 permit icmp any any
access-list 104 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
route-map nonat permit 10
 match ip address 104
!
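The fragment below is an added example, not part of the original post and not a Cisco reference configuration. It rewrites only the Easy VPN related lines of the config above to address the things an IOS 12.3 Easy VPN server needs that this config lacks: DH group 2 in the ISAKMP policy (the Cisco VPN Client proposes nothing else with a pre-shared key), an inbound ACL on Dialer1 that lets ESP and NAT-T through as well as UDP/500 and that also permits the decrypted client traffic (IOS of this vintage re-checks decrypted packets against the interface ACL), a dedicated split-tunnel ACL instead of reusing the interface filter, a client pool outside the LAN subnet (the original pool sat in 192.168.42.0/24 on an interface with "no ip proxy-arp", so LAN hosts could never ARP for a connected client), and NAT exemption for LAN-to-client traffic. The pool subnet 192.168.44.0/24, the ACL numbers 150 and 10, and the <strong-group-key> placeholder are hypothetical values chosen for the example; the <public ip address> placeholder is the one the post already uses.

```cisco
! Added example: corrected Easy VPN server fragment for the 1760 config above.
! Hypothetical values: pool subnet 192.168.44.0/24, ACL 150 (split tunnel),
! ACL 10 (vty access) and the <strong-group-key> placeholder.
!
! Phase 1: the Cisco VPN Client proposes only DH group 2 with a pre-shared
! key. The original policy had no "group" line, so it defaulted to group 1
! and no proposal could match.
crypto isakmp policy 1
 encr 3des
 hash sha
 authentication pre-share
 group 2
 lifetime 3600
!
! "key 6 <x>" tells IOS that <x> is already an AES-encrypted (type 6) string,
! not that the key is <x>. Enter the key in clear text and let the router
! store it; check "show running-config" afterwards.
crypto isakmp client configuration group nclvpn
 key <strong-group-key>
 dns 212.85.249.130
 pool nclvpnpool
 acl 150
!
! Split-tunnel ACL: the networks behind this router that the client must
! send through the tunnel. This is not the interface filter ACL.
access-list 150 remark EasyVPN split-tunnel networks
access-list 150 permit ip 192.168.42.0 0.0.0.255 any
access-list 150 permit ip 192.168.43.0 0.0.0.255 any
!
! Client pool on its own subnet; reverse-route installs a host route for
! each connected client so return traffic is sent to the crypto map.
ip local pool nclvpnpool 192.168.44.100 192.168.44.110
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
! NAT: exempt LAN -> VPN-client traffic before the overload rule sees it.
! A NAT source list only needs source networks, not per-host permits.
! (Assumption: the route-map NAT statement had no other purpose.)
no ip nat inside source route-map nonat pool outsidepool
no access-list 101
access-list 101 remark NAT source list, VPN clients exempted
access-list 101 deny   ip 192.168.42.0 0.0.0.255 192.168.44.0 0.0.0.255
access-list 101 deny   ip 192.100.42.0 0.0.0.255 192.168.44.0 0.0.0.255
access-list 101 permit ip 192.168.42.0 0.0.0.255 any
access-list 101 permit ip 192.100.42.0 0.0.0.255 any
!
! IKE terminates on Dialer1 itself; a static UDP/500 translation to the
! router's LAN address is not needed.
no ip nat inside source static udp 192.168.42.1 500 <public ip address> 500 extendable
!
! Inbound filter on Dialer1. The original permitted UDP/500 only, so ESP
! (IP protocol 50) and NAT-T (UDP/4500) from the client were dropped.
! The pool line covers the second check on decrypted packets.
no access-list 104
access-list 104 remark Dialer1 inbound
access-list 104 permit udp any any eq isakmp
access-list 104 permit udp any any eq 4500
access-list 104 permit esp any any
access-list 104 permit ip 192.168.44.0 0.0.0.255 any
access-list 104 permit tcp any any eq smtp
access-list 104 permit tcp any any eq www
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any unreachable
access-list 104 permit icmp any any time-exceeded
access-list 104 deny   ip any any log
!
! Management: stop publishing telnet to the router's own LAN address on
! the Internet, drop the reversible type-7 enable password (enable secret
! is already set), and restrict vty access to the LAN and the VPN pool.
no ip nat inside source static tcp 192.168.42.1 23 interface Dialer1 23
no enable password
no ip http server
access-list 10 permit 192.168.42.0 0.0.0.255
access-list 10 permit 192.168.44.0 0.0.0.255
crypto key generate rsa modulus 2048
line vty 0 4
 access-class 10 in
 transport input ssh
```

Two checks worth running after applying something like this: `show access-lists 104` while a client connects (the `deny ... log` counter and the log buffer show exactly which packet type is still being refused), and `debug crypto isakmp` to confirm whether phase 1 reaches an agreed policy at all. Two caveats the fragment does not fix: `ip access-group 111 in` on Ethernet1/0 references an access list that is never defined, and IOS treats an undefined list as permit-all, so the DMZ port is currently unfiltered; and because Easy VPN with a group pre-shared key uses IKE aggressive mode, the key hash is exposed to anyone who can initiate IKE to the router and can be brute-forced offline, so a short numeric group key is not adequate even once the tunnel works.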