Need to route Vpn Clients through.... a VPN...

  • Need to route Vpn Clients through.... a VPN...

    I need to route the VPN clients (201) range below through the VPN seen below.

    172 is the range we need to get to.

    Can anyone help with this?


    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    logging buffered 65535
    aaa new-model

    aaa authentication login local
    aaa authorization network local

    aaa session-id common
    clock timezone

    dot11 syslog
    no ip source-route
    ip cef

    no ip dhcp use vrf connected
    ip dhcp excluded-address

    ip dhcp pool Slan

    multilink bundle-name authenticated

    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key address no-xauth
    crypto isakmp keepalive 180 60

    crypto isakmp client configuration group

    acl VPNOnly

    crypto ipsec security-association lifetime seconds 86400

    crypto ipsec transform-set STRANS esp-3des esp-md5-hmac
    crypto ipsec transform-set SDymanicTrans esp-3des esp-sha-hmac
    crypto ipsec transform-set STRANS1 esp-3des
    crypto ipsec transform-set STRANS2 esp-3des esp-md5-hmac

    crypto dynamic-map SDynamicVPNMAP 10
    set transform-set SDymanicTrans

    crypto map sVPN client authentication list VPNUSER
    crypto map sVPN isakmp authorization list VPNGROUP
    crypto map sVPN client configuration address respond
    crypto map sVPN 20 ipsec-isakmp
    set peer
    set transform-set SVPNTRANS2
    match address AmericanTraffic
    crypto map SVPN 65535 ipsec-isakmp dynamic SDynamicVPNMAP

    log config

    ip ssh time-out 60
    ip ssh authentication-retries 2

    interface ATM0
    no ip address
    atm ilmi-keepalive 21600 retry 5
    pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 1

    dsl operating-mode auto

    interface FastEthernet0

    interface FastEthernet1

    interface FastEthernet2

    interface FastEthernet3

    interface Vlan1
    description Local Network
    ip address
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    no ip route-cache cef
    no ip route-cache
    ip tcp adjust-mss 1400
    no ip mroute-cache

    interface Dialer1
    description Internet Connection
    ip address negotiated
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip route-cache cef
    ip tcp adjust-mss 1452
    no ip mroute-cache
    dialer pool 1
    dialer-group 1
    no cdp enable
    crypto map sVPN

    ip local pool SVPNPOOL
    ip forward-protocol nd
    ip route Dialer1

    no ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source route-map NoNAT interface Dialer1 overload

    ip access-list extended AmericanTraffic
    remark Mark American VPN traffic interesting
    permit ip
    permit ip
    ip access-list extended External
    remark Internet Connection Inbound Rules
    remark Permit Return Traffic
    permit tcp any any established
    remark Permit anything from Head office
    permit ip host WAN IP any
    permit ip any
    remark Permit VPN Traffic
    permit udp any host WAN eq isakmp
    permit udp any host WAN eq non500-isakmp
    permit esp any any
    remark permit DNS traffic
    permit udp any eq domain any
    remark permit NTP traffic
    permit udp any any eq ntp
    remark allow certain ICMP responses
    permit icmp any any echo-reply
    permit icmp any any time-exceeded
    permit icmp any any unreachable
    ip access-list extended NoNAT
    remark Don't NAT VPN traffic
    deny ip
    deny ip
    deny ip
    remark NAT all other traffic
    permit ip any
    ip access-list extended VPNOnly
    remark Don't NAT VPN traffic
    permit ip
    permit ip

    access-list 150 permit ip host
    access-list 150 permit ip host
    dialer-list 1 protocol ip permit
    no cdp run

    route-map NoNAT permit 10
    match ip address NoNAT


    banner motd ^CCCC

  • #2
    Re: Need to route Vpn Clients through.... a VPN...

    You're probably better off doing a GRE-IPsec tunnel to the remote site.
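
A minimal sketch of the GRE-over-IPsec approach suggested in reply #2, added here as an illustration and not taken from either poster's configuration. Every address, the `GRE-TS` and `GRE-PROFILE` names, and the `Tunnel0` numbering are assumptions; the posted config has its addresses removed, so documentation placeholders stand in for them, and AES/SHA is used in place of the 3DES/MD5 transform sets in the post.

```cisco
! Added example. All addresses are placeholders, not values from the post:
!   192.0.2.1         local WAN address (Dialer1)
!   198.51.100.1      remote site's WAN address
!   10.255.255.0/30   GRE tunnel link
!   192.168.201.0/24  stand-in for the "(201)" VPN client pool
!   172.16.0.0/16     stand-in for the remote "172" range
! Assumes the existing ISAKMP policy and pre-shared key for the peer stay in place.
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROFILE
 set transform-set GRE-TS
!
interface Tunnel0
 description GRE over IPsec to remote site
 ip address 10.255.255.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile GRE-PROFILE
!
! Routing, not a crypto ACL, now decides what enters the tunnel, so traffic
! from the VPN client pool follows this route like any other source.
! Tunnel0 is not a NAT outside interface, so this traffic is not translated.
ip route 172.16.0.0 255.255.0.0 Tunnel0
!
! --- Remote router (mirror image, shown as comments) ---
! interface Tunnel0
!  ip address 10.255.255.2 255.255.255.252
!  tunnel source <remote WAN interface>
!  tunnel destination 192.0.2.1
!  tunnel protection ipsec profile GRE-PROFILE
! ip route 192.168.201.0 255.255.255.0 Tunnel0   ! return path for VPN clients
! ip route <local LAN network> <mask> Tunnel0    ! return path for the local LAN
```

The remote site needs the return route for the client pool, otherwise replies to VPN clients never re-enter the tunnel. `show crypto ipsec sa` and `show interface Tunnel0` confirm that the tunnel is up and that packets are being encrypted.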