
How to config more than one crypto map


  • How to config more than one crypto map

    Hi,

    I need some help. I have a working site-to-site VPN with no NAT, and I want to configure a VPN client so that some computers can connect to the network. I'm trying to connect, but the connection fails.

    This is my config

    Thank you for your help

    ! Global settings: service options, logging, AAA, DHCP for the inside LAN, and the local user.
    version 15.1
    no service pad
    service timestamps debug uptime
    service timestamps log datetime msec
    ! NOTE(review): with password encryption off, the "enable password", the "username ... password 0"
    ! entry and the line passwords further down are kept in the configuration as readable text.
    ! The hashed forms ("enable secret", "username ... secret") avoid storing them that way.
    no service password-encryption
    !
    !
    boot-start-marker
    boot-end-marker
    !
    !
    logging userinfo
    logging buffered 1000000
    enable password X.X.X.X
    !
    aaa new-model
    !
    !
    ! Login and VPN-client authentication/authorization all use the router's local database.
    ! NOTE(review): sdm_vpn_group_ml_1 is defined here but nothing else in this listing refers to it.
    aaa authentication login default local
    aaa authentication login VPN_CLIENT_LOGIN local
    aaa authorization network VPN_CLIENT_GROUP local
    aaa authorization network sdm_vpn_group_ml_1 local
    !
    !
    !
    !
    !
    aaa session-id common
    memory-size iomem 10
    crypto pki token default removal timeout 0
    !
    !
    ! NOTE(review): IP source routing is enabled; on a router with an Internet-facing interface
    ! it is normally turned off ("no ip source-route") unless something depends on it.
    ip source-route
    !
    !
    !
    ip dhcp excluded-address 192.168.1.1 192.168.1.20
    !
    ip dhcp pool InternalLAN
    network 192.168.1.0 255.255.255.0
    dns-server 192.168.1.2
    default-router 192.168.1.1
    !
    !
    ip cef
    no ipv6 cef
    !
    !
    ! NOTE(review): the addresses in this paste were masked, but the hardware serial number was not.
    license udi pid CISCO881-K9 sn FTX171183FM
    !
    !
    ! "password 0" marks the password as stored unencrypted.
    username X.X.X.X password 0 X.X.X.X
    !
    !
    no crypto ikev2 diagnose error
    !
    !
    !
    !
    ! IKE (ISAKMP) and IPsec definitions for the site-to-site tunnel and the remote-access client group.
    ! NOTE(review): both IKE policies use 3DES with Diffie-Hellman group 2 and pre-shared keys.
    ! These are legacy choices; AES and a larger DH group are preferable where both ends support them.
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    lifetime 3600
    ! Pre-shared key for the site-to-site peer (value and peer address masked by the poster).
    crypto isakmp key X.X.X.X address X.X.X.X
    !
    ! Remote-access client group: group key, DNS server, address pool, and ACL 101 as the group's ACL.
    ! NOTE(review): the group key below is not masked like the other secrets in this paste; a key
    ! that has been published should be treated as disclosed and replaced.
    crypto isakmp client configuration group VPN_CLIENTS
    key ClientVpnKey
    dns 192.168.1.2
    pool VPN_CLIENT_POOL
    acl 101
    ! ISAKMP profile that matches the VPN_CLIENTS group and ties it to the local AAA lists.
    crypto isakmp profile VPNclient
    match identity group VPN_CLIENTS
    client authentication list VPN_CLIENT_LOGIN
    isakmp authorization list VPN_CLIENT_GROUP
    client configuration address respond
    !
    !
    ! Two transform sets with the same algorithms (ESP 3DES + SHA HMAC) under different names.
    crypto ipsec transform-set 1234 esp-3des esp-sha-hmac
    crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
    !
    ! Dynamic map for clients whose peer address is not known in advance.
    ! NOTE(review): no crypto map entry in this listing references EXT_DYNAMIC_MAP
    ! (there is no "... ipsec-isakmp dynamic EXT_DYNAMIC_MAP" line), so it is never used.
    crypto dynamic-map EXT_DYNAMIC_MAP 10
    set transform-set TRANS_3DES_SHA
    set isakmp-profile VPNclient
    reverse-route
    !
    !
    ! NOTE(review): EXT_MAP has only these three map-wide lines, no numbered entry, and is not
    ! applied to any interface in this listing; the outside interface carries SDM_CMAP_1 instead.
    ! An IOS interface takes a single crypto map, so additional tunnels are normally added as
    ! further sequence numbers of that one map rather than as a second map.
    crypto map EXT_MAP client authentication list VPN_CLIENT_LOGIN
    crypto map EXT_MAP isakmp authorization list VPN_CLIENT_GROUP
    crypto map EXT_MAP client configuration address respond
    !
    ! Site-to-site entry: peer, transform set 1234, interesting traffic defined by ACL 100.
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    set peer X.X.X.X
    set transform-set 1234
    match address 100
    !
    !
    !
    !
    !
    ! Physical ports, the Internet-facing subinterface, and the inside VLAN interface.
    interface FastEthernet0
    no ip address
    !
    interface FastEthernet1
    no ip address
    !
    interface FastEthernet2
    no ip address
    !
    interface FastEthernet3
    no ip address
    !
    interface FastEthernet4
    no ip address
    duplex auto
    speed auto
    !
    ! Outside interface: 802.1Q VLAN 1820, NAT outside, and the only place a crypto map is applied.
    ! NOTE(review): no inbound access list ("ip access-group") is shown on this interface, so what
    ! reaches the router itself and the forwarded ports is not filtered here.
    interface FastEthernet4.1820
    description Connection to Internet
    encapsulation dot1Q 1820
    ip address X.X.X.X 255.255.255.252
    ip nat outside
    ip virtual-reassembly in
    crypto map SDM_CMAP_1
    !
    ! Inside LAN gateway (192.168.1.1/24), NAT inside.
    interface Vlan1
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    !
    ! Address pool handed to VPN clients, NAT rules, and static routes.
    ! The pool (192.168.20.200-210) lies inside the 192.168.20.0/24 range used by ACLs 101 and 110.
    ip local pool VPN_CLIENT_POOL 192.168.20.200 192.168.20.210
    ip forward-protocol nd
    ! The built-in HTTP and HTTPS management servers are both disabled.
    no ip http server
    no ip http secure-server
    !
    ! Overload (PAT) on the outside subinterface for traffic permitted by route-map nonat.
    ip nat inside source route-map nonat interface FastEthernet4.1820 overload
    ! Static port forwards: each line publishes one inside host/port on the outside address.
    ! NOTE(review): every forward is an exposed service; confirm each one is still needed.
    ! NOTE(review): these static entries have no route-map of their own, so the "nonat" exemption
    ! presumably does not cover traffic from these host/port pairs toward the VPN ranges - verify.
    ip nat inside source static tcp 192.168.1.11 80 X.X.X.X 80 extendable
    ip nat inside source static tcp 192.168.1.80 443 X.X.X.X 443 extendable
    ip nat inside source static tcp 192.168.1.11 1000 X.X.X.X 1000 extendable
    ip nat inside source static udp 192.168.1.11 1000 X.X.X.X 1000 extendable
    ip nat inside source static udp 192.168.1.20 6050 X.X.X.X 6050 extendable
    ip nat inside source static tcp 192.168.1.20 7050 X.X.X.X 7050 extendable
    ip nat inside source static udp 192.168.1.20 7050 X.X.X.X 7050 extendable
    ip nat inside source static tcp 192.168.1.23 7051 X.X.X.X 7051 extendable
    ip nat inside source static udp 192.168.1.23 7051 X.X.X.X 7051 extendable
    ip nat inside source static tcp 192.168.2.20 7052 X.X.X.X 7052 extendable
    ip nat inside source static udp 192.168.2.20 7052 X.X.X.X 7052 extendable
    ip nat inside source static tcp 192.168.3.20 7053 X.X.X.X 7053 extendable
    ip nat inside source static udp 192.168.3.20 7053 X.X.X.X 7053 extendable
    ip nat inside source static tcp 192.168.4.20 7054 X.X.X.X 7054 extendable
    ip nat inside source static udp 192.168.4.20 7054 X.X.X.X 7054 extendable
    ip nat inside source static tcp 192.168.5.20 7055 X.X.X.X 7055 extendable
    ip nat inside source static udp 192.168.5.20 7055 X.X.X.X 7055 extendable
    ip nat inside source static tcp 192.168.1.11 8080 X.X.X.X 8080 extendable
    ! Default route to the provider, plus 192.168.2.0/24-192.168.5.0/24 via inside router 192.168.1.253.
    ip route 0.0.0.0 0.0.0.0 X.X.X.X
    ip route 192.168.2.0 255.255.255.0 192.168.1.253
    ip route 192.168.3.0 255.255.255.0 192.168.1.253
    ip route 192.168.4.0 255.255.255.0 192.168.1.253
    ip route 192.168.5.0 255.255.255.0 192.168.1.253
    !
    ! ACL 100: traffic for the site-to-site tunnel (192.168.1.0/24 -> 10.48.239.0/24).
    access-list 100 permit ip 192.168.1.0 0.0.0.255 10.48.239.0 0.0.0.255
    ! ACL 101: referenced by the VPN_CLIENTS group (192.168.1.0/24 -> 192.168.20.0/24).
    access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
    ! ACL 110: NAT selection. The two deny lines exempt traffic toward the tunnel and client ranges
    ! from translation; the permit lines translate everything else from the listed inside subnets.
    ! NOTE(review): the exemptions cover only 192.168.1.0/24 as source. Traffic from
    ! 192.168.2.0/24-192.168.5.0/24 toward either VPN range would match a permit line and be translated.
    access-list 110 deny ip 192.168.1.0 0.0.0.255 10.48.239.0 0.0.0.255
    access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
    access-list 110 permit ip 192.168.1.0 0.0.0.255 any
    access-list 110 permit ip 192.168.2.0 0.0.0.255 any
    access-list 110 permit ip 192.168.3.0 0.0.0.255 any
    access-list 110 permit ip 192.168.4.0 0.0.0.255 any
    access-list 110 permit ip 192.168.5.0 0.0.0.255 any
    !
    !
    !
    !
    ! Route-map used by the NAT overload rule; it selects traffic with ACL 110.
    route-map nonat permit 10
    match ip address 110
    !
    !
    !
    !
    ! Console, auxiliary and virtual terminal (remote management) lines.
    ! NOTE(review): with "aaa new-model" and a default login list of "local" earlier in this
    ! configuration, logins presumably use the local username rather than these line passwords - confirm.
    line con 0
    password xxxxx
    no modem enable
    line aux 0
    line vty 0 4
    password xxxxx
    logging synchronous limit 2147483647
    monitor
    ! NOTE(review): "transport input all" accepts every protocol on the vty lines, including Telnet,
    ! which carries credentials unencrypted. Restricting to SSH ("transport input ssh") and adding an
    ! "access-class" to limit source addresses narrows management access; neither is shown here.
    transport input all
    !
    end