Cisco 877 VPN Issue


  • Cisco 877 VPN Issue

    Hi guys, I am using a Cisco 877 to connect the office to the internet. I have tried to set up the VPN side of things, but it isn't working too well.

    OK, so the VPN connects and I can ping the router's interface IP addresses, but when I try to ping something past the router on the LAN, say a switch or a server, the ping fails.

    I think an ACL is needed, but a colleague of mine says we do not need one. Any suggestions? Please find the config below and let me know where I have gone wrong:



    Current configuration : 5058 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname RT
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
    !
    no aaa new-model
    !
    crypto pki trustpoint TP-self-signed-2340049423
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2340049423
    revocation-check none
    rsakeypair TP-self-signed-2340049423
    !
    !
    crypto pki certificate chain TP-self-signed-2340049423
    certificate self-signed 01
    3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32333430 30343934 3233301E 170D3032 30333034 30363237
    32355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33343030
    34393432 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100CBE9 77303693 6CC8BBE4 6FF592D1 D27EA046 C0673E7D 9DE60F77 C198B0F0
    A53904C7 37AC6E82 B20E78A5 D7E3BCD5 881DEB9A 712EFD70 7AD49B67 9B7A241D
    B9E64889 C2CB03E6 67FD1CB0 0006CBAF 13D37643 B120959D 29F6E2F8 BA282FFC
    835FC076 630B428E 184EFDBA 71B09BA8 D62F9B8D 41A34205 AAA8765E 5DE08B8B
    37070203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603
    551D1104 06300482 02525430 1F060355 1D230418 30168014 5E2AB9FA 78F68541
    E13C99B5 078B2122 54DF2FB0 301D0603 551D0E04 1604145E 2AB9FA78 F68541E1
    3C99B507 8B212254 DF2FB030 0D06092A 864886F7 0D010104 05000381 81008CF4
    B3A27FA3 DB9FDACC 52528A99 BB2F8606 6632D4D2 9C1923EF 11C6CFC9 712F1F90
    FFC3FC94 FB0092C8 EDA8666E A3B01192 1341D248 A7953E01 E46C6CE3 794B8391
    CBFE273A CA94CBB3 8B9BFE70 F5BCA5DA 8052449A 15FA12EE 6D9A6BCF 5FD52EAF
    126D368E FBCE13A6 B5F50A83 56B4B641 A81968BD 2CA06E79 0390B72A 95DF
    quit
    dot11 syslog
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.9.1 192.168.9.200
    ip dhcp excluded-address 192.168.10.1 192.168.10.200
    !
    ip dhcp pool Home
    network 192.168.10.0 255.255.255.0
    default-router 192.168.10.1
    dns-server 192.168.10.1
    domain-name Fusion.local
    lease 7
    !
    ip dhcp pool AV
    network 192.168.9.0 255.255.255.0
    default-router 192.168.9.1
    dns-server 192.168.9.1
    domain-name Fusion.local
    lease 7
    !
    !
    ip name-server 208.67.222.222
    ip name-server 208.67.220.220
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    multilink bundle-name authenticated
    vpdn enable
    !
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    !
    !
    !
    username admin privilege 15 password 0 xxxxxxxxxxxxxxxx

    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    bridge irb
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description Internet Connection
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0
    description Uplink to Switch
    switchport mode trunk
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Virtual-Template1
    ip unnumbered Dialer0
    peer default ip address pool vpnpool
    no keepalive
    ppp encrypt mppe auto passive
    ppp authentication pap chap ms-chap ms-chap-v2
    !
    interface Dot11Radio0
    no ip address
    shutdown
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Vlan1
    description Home Vlan
    no ip address
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    bridge-group 1
    !
    interface Vlan2
    description AV Vlan
    ip address 192.168.9.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    interface Dialer0
    ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxx
    ppp chap password 0 xxxxxxxxxxxxxxxx
    !
    interface BVI1
    description $ES_LAN$
    ip address 192.168.10.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    ip local pool vpnpool 192.168.254.10 192.168.254.20
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 192.168.10.1 1723 interface Dialer0 1723
    ip nat inside source static tcp 192.168.10.1 23 interface Dialer0 23
    !
    access-list 1 permit 192.168.0.0 0.0.255.255
    dialer-list 1 protocol ip permit
    !
    !
    !
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    !
    line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    !
    scheduler max-task-time 5000
    end
    Last edited by ncanacott; 23rd January 2012, 20:16.

  • #2
    Re: Cisco 877 VPN Issue

    I think you are missing a route from 192.168.254.0 and your normal networks...?



    • #3
      Re: Cisco 877 VPN Issue

      Definitely routing. From inside your router's CLI, use 'show ip route'. It will give you the complete routing table. Chances are you'll see that the routing table is incomplete. You may need to add a route manually, in the format of the default route already defined.

      As for ACLs: when you talk about restricting traffic, ACLs are used to do that. If no ACLs are defined on either of any two interfaces where traffic may pass, then there's no restriction. But you've only got one internal interface with an address on it, VLAN2. Try pinging that specific address from your external VPN device. If it pings, you'll have to add at least one route manually for forwarding other traffic. If the ping fails, something else is afoot inside the router.
      *RicklesP*
      MSCA (2003/XP), Security+, CCNA

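As an added illustration of the routing and NAT checks the replies above point at (the editor's own example, not code from the thread or from Cisco), the script below parses an excerpt of the config posted in #1 and answers the questions a practitioner would settle before touching ACLs: whether the VPN pool sits on any connected subnet or is covered by a specific route, whether NAT applies between the PPTP interface and the LAN, and which ports the static NAT entries publish on Dialer0. It assumes plain IOS 12.x syntax; the masked Dialer0 address is replaced by the documentation placeholder 203.0.113.10, which is an assumption, and the rest of the excerpt is as posted.

```python
"""Static checks on a Cisco IOS running-config for the routing and NAT
questions raised in this thread. Editor's added example, not from the posts.
CONFIG is trimmed from the posted config; the masked Dialer0 address is
replaced by the placeholder 203.0.113.10 (an assumption, not the real one)."""
import ipaddress
import re

CONFIG = """\
interface Virtual-Template1
 ip unnumbered Dialer0
 peer default ip address pool vpnpool
interface Vlan2
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
interface Dialer0
 ip address 203.0.113.10 255.255.255.255
 ip nat outside
interface BVI1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
ip local pool vpnpool 192.168.254.10 192.168.254.20
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.10.1 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.10.1 23 interface Dialer0 23
access-list 1 permit 192.168.0.0 0.0.255.255
"""

STATIC_NAT = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")


def parse(text):
    """Collect interfaces (with their indented sub-commands), address pools,
    static routes, static NAT entries and numbered ACLs from an IOS config."""
    cfg = {"ifaces": {}, "pools": {}, "routes": [], "static_nat": [], "acls": {}}
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            cur = line.split(None, 1)[1]
            cfg["ifaces"][cur] = {"nets": [], "nat": None, "unnumbered": None, "pool": None}
            continue
        if raw.startswith(" ") and cur:  # sub-command of the current interface
            d = cfg["ifaces"][cur]
            m = re.match(r"ip address (\S+) (\S+)$", line)
            if m:  # ipaddress accepts dotted netmasks; keep the connected network
                d["nets"].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
            elif line.startswith("ip nat "):
                d["nat"] = line.split()[2]
            elif line.startswith("ip unnumbered "):
                d["unnumbered"] = line.split()[2]
            elif line.startswith("peer default ip address pool "):
                d["pool"] = line.split()[-1]
            continue
        cur = None
        if line.startswith("ip local pool "):
            _, _, _, name, start, end = line.split()
            cfg["pools"][name] = (ipaddress.ip_address(start), ipaddress.ip_address(end))
        elif line.startswith("ip route "):
            _, _, dst, mask, nexthop = line.split()
            cfg["routes"].append((ipaddress.ip_network(f"{dst}/{mask}"), nexthop))
        elif STATIC_NAT.match(line):
            proto, inside, iport, iface, oport = STATIC_NAT.match(line).groups()
            cfg["static_nat"].append((iface, proto, int(oport), inside, int(iport)))
        elif line.startswith("access-list "):  # wildcard masks are hostmasks to ipaddress
            _, num, action, net, wild = line.split()
            cfg["acls"].setdefault(num, []).append((action, ipaddress.ip_network(f"{net}/{wild}")))
    return cfg


def pool_reachability(cfg, pool):
    """How LAN devices can get packets back to a client holding a pool address:
    by ARP if the pool lies in a connected subnet, otherwise only via a gateway
    or route pointing at the router, which holds a /32 host route per peer."""
    lo, hi = cfg["pools"][pool]
    connected = [i for i, d in cfg["ifaces"].items() for n in d["nets"] if lo in n and hi in n]
    serving = [i for i, d in cfg["ifaces"].items() if d["pool"] == pool]
    specific = [str(n) for n, _ in cfg["routes"] if n.prefixlen and lo in n and hi in n]
    return {"connected": connected, "serving": serving, "specific_route": specific}


def nat_between(cfg, a, b):
    """IOS NAT translates only traffic crossing an 'ip nat inside' and an
    'ip nat outside' interface; an unmarked interface (the Virtual-Access
    cloned from Virtual-Template1 here) exchanges untranslated packets."""
    return {cfg["ifaces"][a]["nat"], cfg["ifaces"][b]["nat"]} == {"inside", "outside"}


def exposed_services(cfg):
    """Ports the static NAT entries publish on a NAT-outside interface."""
    outside = {i for i, d in cfg["ifaces"].items() if d["nat"] == "outside"}
    return sorted((oport, proto, inside, iport)
                  for iface, proto, oport, inside, iport in cfg["static_nat"] if iface in outside)


def acl_permits(cfg, num, addr):
    """First-match evaluation of a standard numbered ACL, implicit deny at the end."""
    a = ipaddress.ip_address(addr)
    for action, net in cfg["acls"].get(num, []):
        if a in net:
            return action == "permit"
    return False


if __name__ == "__main__":
    cfg = parse(CONFIG)
    print("vpnpool:", pool_reachability(cfg, "vpnpool"))
    print("NAT between Virtual-Template1 and BVI1:", nat_between(cfg, "Virtual-Template1", "BVI1"))
    print("published on Dialer0:", exposed_services(cfg))
    print("pool address matches NAT ACL 1:", acl_permits(cfg, "1", "192.168.254.10"))
```

Run on this excerpt it reports the pool on no connected subnet and with no specific route, so each client exists only as a /32 host route on the router and a LAN device can reply to it only through a default gateway or route that points at the router (a switch management address with no gateway, or a host firewall scoped to the local subnet, will not answer, which fits "router pings, LAN does not"); NAT does not apply between Virtual-Template1 and BVI1, because neither side is marked inside and outside, so the missing ACL is not what is eating the packets; and the static entries publish tcp/1723 and tcp/23 on Dialer0. The tcp/23 entry is worth acting on whatever the routing outcome: it forwards internet-facing telnet to 192.168.10.1, the router's own BVI1 address, so the vty login ('login local', with the admin password stored in cleartext under 'no service password-encryption') is reachable from the internet over an unencrypted protocol. Remove that entry and use SSH for remote management; PPTP with MS-CHAPv2 is likewise no longer regarded as a secure remote-access protocol.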


      • #4
        Re: Cisco 877 VPN Issue

        OK, thanks guys. I will give it a try and let you know how I get on.
