Cisco 1760 VPN server problem

  • Cisco 1760 VPN server problem

    I have a Cisco 1760 configured as an Easy VPN server. Using the Cisco VPN client I can connect to the VPN server. The problem is that there is no ping between clients. When I connect several clients to the VPN server there is no ping between the clients.
    But when I log in to the router I can ping the clients and make SSH remote logins to the clients. It seems that there is no access between the clients and they cannot communicate at all.

    The Cisco router is placed in the DMZ zone.
    Remote clients can connect to the router.
    Here is the configuration of the VPN server:

    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname router
    aaa new-model
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_1 local
    aaa session-id common
    resource policy
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    no ip routing
    no ip cef
    crypto pki trustpoint TP-self-signed-1747916323
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1747916323
    revocation-check none
    rsakeypair TP-self-signed-1747916323
    crypto pki certificate chain TP-self-signed-1747916323
    certificate self-signed 01
    username root privilege 15 password 0 qwerty
    username test password 0 qwerty
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp xauth timeout 15

    crypto isakmp client configuration group vpn
    key 6y5t4r3e2w1q
    pool SDM_POOL_1
    acl 100
    max-logins 10
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SDM_DYNMAP_1 1
    set transform-set ESP-3DES-SHA
    crypto map SDM_CMAP_1 client authentication list ciscocp_vpn_xauth_ml_1
    crypto map SDM_CMAP_1 isakmp authorization list ciscocp_vpn_group_ml_1
    crypto map SDM_CMAP_1 client configuration address respond
    crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
    interface FastEthernet0/0
    ip address
    ip nat inside
    ip virtual-reassembly
    no ip route-cache
    speed auto
    crypto map SDM_CMAP_1
    ip local pool SDM_POOL_1
    ip default-gateway
    ip classless
    ip default-network
    ip http server
    ip http authentication local
    ip http secure-server
    access-list 100 permit ip any any
    line con 0
    line aux 0
    line vty 0 4
    transport input telnet ssh

    Any idea where the problem is?

  • #2
    Re: Cisco 1760 VPN server problem

    Add an access-list like this:

    access-list 101 permit ip
    CCNA, Network+
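
An added example, not part of the original posts and not a Cisco tool: a small Python check that reads an IOS configuration like the one posted in this thread and flags the lines a reviewer would question before such a VPN server is exposed, along with the `no ip routing` line. The sample input is constructed from lines of the posted configuration, and the rule names are hypothetical.

```python
import re

# Constructed sample, modelled on lines of the configuration posted above.
SAMPLE = """\
no service password-encryption
no ip routing
username test password 0 qwerty
crypto isakmp policy 1
encr 3des
group 2
crypto isakmp client configuration group vpn
key 6y5t4r3e2w1q
ip http server
access-list 100 permit ip any any
line vty 0 4
transport input telnet ssh
"""

# Lines that open a configuration sub-mode; sub-commands are judged in that context.
SECTION = re.compile(r"^(crypto|interface|line) ")

# (hypothetical rule id, required section prefix or None, line pattern, finding text)
RULES = [
    ("cleartext-config", None, r"^no service password-encryption$", "passwords are stored unobscured in the config"),
    ("type0-password", None, r"^username \S+ .*\bpassword 0 ", "local user has a cleartext (type 0) password"),
    ("group-key", "crypto isakmp client configuration group", r"^key \S+", "VPN group pre-shared key appears in cleartext"),
    ("legacy-cipher", "crypto isakmp policy", r"^encr(yption)? (des|3des)$", "IKE policy uses DES/3DES"),
    ("weak-dh", "crypto isakmp policy", r"^group (1|2|5)$", "IKE policy uses DH group 1, 2 or 5"),
    ("http-mgmt", None, r"^ip http server$", "unencrypted HTTP management server is enabled"),
    ("telnet-mgmt", "line vty", r"^transport input .*\btelnet\b", "Telnet is allowed on the vty lines"),
    ("permit-any", None, r"^access-list \d+ permit ip any any$", "ACL entry matches all IP traffic"),
    ("no-forwarding", None, r"^no ip routing$", "IP routing is off: the router does not forward between hosts"),
]

def audit(config_text):
    """Return (line_no, rule_id, text) for each line that matches a rule in its section."""
    findings, section = [], ""
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()  # works for indented and flattened configs alike
        if SECTION.match(line):
            section = line  # remember the most recent sub-mode opener
        for rule_id, parent, pattern, text in RULES:
            if (not parent or section.startswith(parent)) and re.search(pattern, line):
                findings.append((num, rule_id, text))
    return findings

if __name__ == "__main__":
    for num, rule_id, text in audit(SAMPLE):
        print(f"line {num}: [{rule_id}] {text}")
```

Sub-commands such as `group 2` are only flagged inside the section they belong to, so the same words under `line vty` produce no finding.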