f



Cisco 1811 K9- VPN clients can connect, but can't connect or ping to computers

I have an 1811 that I use as a firewall.  Last Friday I configured a
site to site VPN for a vendor to do offsite backups.  Ever since then,
remote users have reported that they successfully connect their VPN
clients, but all traffic (email, remote desktop) is denied.  Any ideas?
0
Pappy
1/30/2009 9:30:40 PM
comp.dcom.sys.cisco 25313 articles. 0 followers. Post Follow

1 Replies
1150 Views

Similar Articles

[PageSpeed] 0

On Jan 30, 3:30=A0pm, Pappy <sodapopsa...@gmail.com> wrote:
> I have an 1811 that I use as a firewall. =A0Last Friday I configured a
> site to site VPN for a vendor to do offsite backups. =A0Ever since then,
> remote users have reported that they successfully connect their VPN
> clients, but all traffic (email, remote desktop) is denied. =A0Any ideas?

Here is the config:
!This is the running config of the router: 172.25.2.2
!--------------------------------------------------------------------------=
--
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 group radius local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
!
resource policy
!
clock timezone IDLW -12
!
!
ip cef
!
!
ip domain name
ip name-server 205.152.132.23
ip name-server 205.152.37.23
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW https
ip ips sdf location flash://128MB.sdf autosave
ip ips notify SDEE
ip ips name sdm_ips_rule
!
!
crypto pki trustpoint TP-self-signed-1675073411
 enrollment selfsigned
 subject-name cn=3DIOS-Self-Signed-Certificate-1675073411
 revocation-check none
 rsakeypair TP-self-signed-1675073411
!
!
crypto pki certificate chain TP-self-signed-1675073411
 certificate self-signed 01
  3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101
04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
43657274
  69666963 6174652D 31363735 30373334 3131301E 170D3038 30353133
31323230
  35365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504
03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31
36373530
  37333431 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030
81890281
  8100E912 A1301C77 6B8EDD60 B00051A5 2F61DE43 10159F74 6215BFD1
F810F8E1
  C467E7AB A8CAC680 E298DDB1 829BD994 D417589C E8AEFF93 7D1FE2C4
B9204F9C
  842094EB 1F98D950 22B74860 5DCCC8EF 4F0C4F4A 98C59F11 9178718C
6125E117
  DA2BBF30 4C051386 03AE9275 17A563D5 F983575F FDECDFEE 39C43369
B2F0A27C
  2FA70203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF
30210603
  551D1104 1A301882 16666973 68667279 31383131 2E747366 662E6C6F
63616C30
  1F060355 1D230418 30168014 D4A5D4B9 E8754DB9 44374330 2E982A58
8D304B94
  301D0603 551D0E04 160414D4 A5D4B9E8 754DB944 3743302E 982A588D
304B9430
  0D06092A 864886F7 0D010104 05000381 8100C5CD 62640EB3 8FB80C86
2C3FC85A
  EDC1FD62 821881D2 0F2DB398 0F9D0F46 A86838C0 9A5AFC6C DB54E0AB
C24676DE
  50AFFA95 01DDE848 B69C5FF2 C4DA5B4C 58391ECE 3A342D2B 6799B66D
9CCBA31C
  99C19267 3A1047C4 52A41CA6 31B67C06 8844346E 09142955 FE695D03
9C3E7A27
  107EE3DE 20034EFF BF4108DC EACAAB6E 4FC3
  quit
username verma privilege 15 secret 5 $1$UCg9$cP4FVv8HMZ3UFC3woujSV/
!
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key f15hfry2v3rm@vpn address 66.55.21.162
crypto isakmp key srdBZ%sao78 address 67.78.238.2
!
crypto isakmp client configuration group RemEmp
 key fishfryemp
 dns 172.25.2.10 172.25.2.11
 domain tsff.local
 pool SDM_POOL_1
 acl 103
!
crypto isakmp client configuration group verma
 key =3D420369910002i$v
 dns 172.25.2.10 172.25.2.11
 domain tsff.local
 pool SDM_POOL_1
 acl 103
!
crypto isakmp client configuration group SupRem
 key letmein
 dns 172.25.2.10 172.25.2.11
 domain tsff.local
 pool SDM_POOL_1
 acl 103
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes 256 esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
 qos pre-classify
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to66.55.21.162
 set peer 66.55.21.162
 set transform-set ESP-AES-256-SHA
 match address 114
crypto map SDM_CMAP_1 2 ipsec-isakmp
 description Tunnel to67.78.238.2
 set peer 67.78.238.2
 set transform-set ESP-AES-256-SHA
 match address 125
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
interface FastEthernet0
 description Bellsouth Internet Service$FW_OUTSIDE$$ETH-WAN$
 ip address 12.237.113.130 255.255.255.240
 ip access-group 103 in
 ip verify unicast reverse-path
 ip nat outside
 ip inspect SDM_LOW out
 ip ips sdm_ips_rule in
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet1
 description Cox Internet Service$FW_OUTSIDE$$ETH-WAN$
 ip address 70.164.48.74 255.255.255.240
 ip verify unicast reverse-path
 ip nat outside
 ip ips sdm_ips_rule in
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
 switchport mode trunk
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
 ip address 172.25.2.2 255.255.254.0
 ip access-group 100 in
 ip helper-address 172.25.2.10
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan10
 description $FW_INSIDE$
 ip address 172.25.4.1 255.255.255.0
 ip access-group 102 in
 ip helper-address 172.25.2.10
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.254
ip route 0.0.0.0 0.0.0.0 12.237.113.129
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation timeout 300
ip nat translation tcp-timeout 300
ip nat translation icmp-timeout 5
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0
overload
ip nat inside source static tcp 172.25.2.13 80 interface FastEthernet0
80
ip nat inside source static tcp 172.25.2.13 25 interface FastEthernet0
25
ip nat inside source static tcp 172.25.2.13 443 interface
FastEthernet0 443
ip nat outside source static tcp 12.237.113.130 3000 172.25.2.220 3000
extendable
ip nat outside source static tcp 12.237.113.130 7000 172.25.2.220 7000
extendable
ip nat outside source static tcp 12.237.113.130 7021 172.25.2.220 7021
extendable
ip nat outside source static tcp 12.237.113.130 8000 172.25.2.220 8000
extendable
ip nat outside source static tcp 12.237.113.130 8001 172.25.2.220 8001
extendable
ip nat outside source static tcp 12.237.113.130 8002 172.25.2.220 8002
extendable
ip nat outside source static tcp 12.237.113.130 8003 172.25.2.220 8003
extendable
ip nat outside source static udp 12.237.113.130 8875 172.25.2.220 8875
extendable
ip nat outside source static tcp 12.237.113.130 9000 172.25.2.220 9000
extendable
ip nat outside source static tcp 12.237.113.130 9001 172.25.2.220 9001
extendable
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=3D1
access-list 100 deny   ip 12.237.113.128 0.0.0.15 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark SDM_ACL Category=3D16
access-list 101 permit ip 172.25.2.0 0.0.1.255 any
access-list 102 deny   ip 12.237.113.128 0.0.0.15 any
access-list 102 remark auto generated by SDM firewall
access-list 102 remark SDM_ACL Category=3D1
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=3D5
access-list 103 remark IPSec Rule
access-list 103 permit ip 172.25.25.0 0.0.0.255 172.25.2.0 0.0.0.255
access-list 103 permit ip 192.168.2.0 0.0.0.255 host 67.78.238.2
access-list 103 permit ip 192.168.2.0 0.0.0.255 10.4.1.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.4.1.0 0.0.0.255 172.25.2.0 0.0.1.255
access-list 103 permit udp host 67.78.238.2 host 12.237.113.130 eq
non500-isakmp
access-list 103 permit udp host 67.78.238.2 host 12.237.113.130 eq
isakmp
access-list 103 permit esp host 67.78.238.2 host 12.237.113.130
access-list 103 permit ahp host 67.78.238.2 host 12.237.113.130
access-list 103 remark Auto generated by SDM for NTP (123)
64.236.96.53
access-list 103 permit udp host 64.236.96.53 eq ntp host
12.237.113.130 eq ntp
access-list 103 remark Auto generated by SDM for NTP (123)
64.90.182.55
access-list 103 permit udp host 64.90.182.55 eq ntp host
12.237.113.130 eq ntp
access-list 103 permit ahp host 66.55.21.162 host 12.237.113.130
access-list 103 permit ahp any host 12.237.113.130
access-list 103 permit esp host 66.55.21.162 host 12.237.113.130
access-list 103 permit esp any host 12.237.113.130
access-list 103 permit udp host 66.55.21.162 host 12.237.113.130 eq
isakmp
access-list 103 permit udp any host 12.237.113.130 eq isakmp
access-list 103 permit udp host 66.55.21.162 host 12.237.113.130 eq
non500-isakmp
access-list 103 permit udp any host 12.237.113.130 eq non500-isakmp
access-list 103 remark Auto generated by SDM for NTP (123)
64.236.96.53
access-list 103 permit udp host 64.236.96.53 eq ntp host
12.237.113.129 eq ntp
access-list 103 remark Auto generated by SDM for NTP (123)
64.90.182.55
access-list 103 permit udp host 64.90.182.55 eq ntp host
12.237.113.129 eq ntp
access-list 103 permit ahp host 66.55.21.162 host 12.237.113.129
access-list 103 permit ahp any host 12.237.113.129
access-list 103 permit esp host 66.55.21.162 host 12.237.113.129
access-list 103 permit esp any host 12.237.113.129
access-list 103 permit udp host 66.55.21.162 host 12.237.113.129 eq
isakmp
access-list 103 permit udp any host 12.237.113.129 eq isakmp
access-list 103 permit udp host 66.55.21.162 host 12.237.113.129 eq
non500-isakmp
access-list 103 permit udp any host 12.237.113.129 eq non500-isakmp
access-list 103 permit udp any host 12.237.113.130 eq 8875
access-list 103 permit tcp any host 12.237.113.130 eq 7021
access-list 103 permit tcp any host 12.237.113.130 eq 3000
access-list 103 permit tcp any host 12.237.113.130 eq 9001
access-list 103 permit tcp any host 12.237.113.130 eq 9000
access-list 103 permit tcp any host 12.237.113.130 eq 8003
access-list 103 permit tcp any host 12.237.113.130 eq 8002
access-list 103 permit tcp any host 12.237.113.130 eq 8001
access-list 103 permit tcp any host 12.237.113.130 eq 8000
access-list 103 permit tcp any host 12.237.113.130 eq 7000
access-list 103 permit ip 192.168.2.0 0.0.0.255 host 66.55.21.162
access-list 103 permit ip 192.168.2.0 0.0.0.255 172.25.25.0 0.0.0.255
access-list 103 permit tcp any host 12.237.113.130 eq 443
access-list 103 permit tcp any host 12.237.113.130 eq www
access-list 103 permit tcp any host 12.237.113.130 eq smtp
access-list 103 permit tcp any host 12.237.113.130 eq 5631
access-list 103 permit tcp any host 12.237.113.130 eq 5632
access-list 103 permit tcp any host 12.237.113.130 eq 3550
access-list 103 permit tcp any host 12.237.113.130 eq 4550
access-list 103 permit tcp any host 12.237.113.130 eq 5550
access-list 103 permit tcp any host 12.237.113.130 eq 6550
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip 192.168.2.0 0.0.0.255 66.55.21.160 0.0.0.15
access-list 103 permit ip 192.168.2.0 0.0.0.255 any
access-list 103 permit ip 192.168.2.0 0.0.0.255 host 64.90.182.55
access-list 103 permit ip 192.168.2.0 0.0.0.255 host 64.236.96.53
access-list 103 remark Auto generated by SDM for NTP (123)
64.90.182.55
access-list 103 deny   ip 172.25.4.0 0.0.0.255 any
access-list 103 deny   ip 172.25.2.0 0.0.1.255 any
access-list 103 permit icmp any host 12.237.113.130 echo-reply
access-list 103 permit icmp any host 12.237.113.130 time-exceeded
access-list 103 permit icmp any host 12.237.113.130 unreachable
access-list 103 permit tcp 66.55.21.160 0.0.0.15 host 12.237.113.130
eq 443
access-list 103 permit tcp 66.55.21.160 0.0.0.15 host 12.237.113.130
eq 22
access-list 103 permit tcp 66.55.21.160 0.0.0.15 host 12.237.113.130
eq cmd
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip any any log
access-list 104 remark SDM_ACL Category=3D18
access-list 104 remark IPSec Rule
access-list 104 deny   ip 172.25.2.0 0.0.0.255 172.25.25.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 172.25.2.0 0.0.1.255 10.4.1.0 0.0.0.255
access-list 104 deny   ip 172.25.2.0 0.0.1.255 172.25.4.0 0.0.0.255
access-list 104 deny   ip 66.55.21.160 0.0.0.15 192.168.2.0 0.0.0.255
access-list 104 deny   ip host 64.90.182.55 192.168.2.0 0.0.0.255
access-list 104 deny   ip host 64.236.96.53 192.168.2.0 0.0.0.255
access-list 104 deny   ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 deny   ip any 192.168.2.0 0.0.0.255
access-list 104 deny   ip host 172.25.2.220 any
access-list 104 permit ip 172.25.2.0 0.0.1.255 any
access-list 104 permit ip 172.25.4.0 0.0.0.255 any
access-list 105 permit ip 172.25.2.0 0.0.0.255 any
access-list 106 remark SDM_ACL Category=3D2
access-list 106 deny   ip host 172.25.2.13 192.168.2.0 0.0.0.255
access-list 106 permit ip host 172.25.2.13 any
access-list 106 permit ip host 192.168.1.2 any
access-list 106 deny   ip host 192.168.1.2 192.168.2.0 0.0.0.255
access-list 106 deny   ip host 192.168.1.2 192.168.3.0 0.0.0.255
access-list 107 remark SDM_ACL Category=3D2
access-list 107 permit ip host 192.168.1.3 any
access-list 107 deny   ip host 192.168.1.3 192.168.2.0 0.0.0.255
access-list 107 deny   ip host 192.168.1.3 192.168.3.0 0.0.0.255
access-list 108 remark SDM_ACL Category=3D2
access-list 108 permit ip host 192.168.1.109 any
access-list 108 deny   ip host 192.168.1.109 192.168.2.0 0.0.0.255
access-list 108 deny   ip host 192.168.1.109 192.168.3.0 0.0.0.255
access-list 109 remark SDM_ACL Category=3D2
access-list 109 permit ip host 192.168.1.129 any
access-list 109 deny   ip host 192.168.1.129 192.168.2.0 0.0.0.255
access-list 109 deny   ip host 192.168.1.129 192.168.3.0 0.0.0.255
access-list 110 remark SDM_ACL Category=3D2
access-list 110 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 110 permit ip host 172.25.2.220 any
access-list 111 remark SDM_ACL Category=3D2
access-list 111 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 111 permit ip host 172.25.2.220 any
access-list 112 remark SDM_ACL Category=3D2
access-list 112 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 112 permit ip host 172.25.2.220 any
access-list 113 remark SDM_ACL Category=3D2
access-list 113 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 113 permit ip host 172.25.2.220 any
access-list 114 remark SDM_ACL Category=3D4
access-list 114 remark IPSec Rule
access-list 114 permit ip 172.25.2.0 0.0.0.255 172.25.25.0 0.0.0.255
access-list 115 remark SDM_ACL Category=3D2
access-list 115 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 115 permit ip host 172.25.2.220 any
access-list 116 remark SDM_ACL Category=3D2
access-list 116 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 116 permit ip host 172.25.2.220 any
access-list 117 remark SDM_ACL Category=3D2
access-list 117 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 117 permit ip host 172.25.2.220 any
access-list 118 remark SDM_ACL Category=3D2
access-list 118 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 118 permit ip host 172.25.2.220 any
access-list 119 remark SDM_ACL Category=3D2
access-list 119 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 119 permit ip host 172.25.2.220 any
access-list 120 remark SDM_ACL Category=3D2
access-list 120 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 120 permit ip host 172.25.2.220 any
access-list 121 remark SDM_ACL Category=3D2
access-list 121 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 121 permit ip host 172.25.2.220 any
access-list 122 remark SDM_ACL Category=3D2
access-list 122 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 122 permit ip host 172.25.2.220 any
access-list 123 remark SDM_ACL Category=3D2
access-list 123 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 123 permit ip host 172.25.2.220 any
access-list 124 remark SDM_ACL Category=3D2
access-list 124 deny   ip host 172.25.2.220 192.168.2.0 0.0.0.255
access-list 124 permit ip host 172.25.2.220 any
access-list 125 remark SDM_ACL Category=3D4
access-list 125 remark IPSec Rule
access-list 125 permit ip 172.25.2.0 0.0.1.255 10.4.1.0 0.0.0.255
!
!
!
route-map SDM_RMAP_15 permit 1
 match ip address 119
!
route-map SDM_RMAP_14 permit 1
 match ip address 118
!
route-map SDM_RMAP_17 permit 1
 match ip address 121
!
route-map SDM_RMAP_16 permit 1
 match ip address 120
!
route-map SDM_RMAP_11 permit 1
 match ip address 115
!
route-map SDM_RMAP_10 permit 1
 match ip address 113
!
route-map SDM_RMAP_13 permit 1
 match ip address 117
!
route-map SDM_RMAP_20 permit 1
 match ip address 124
!
route-map SDM_RMAP_12 permit 1
 match ip address 116
!
route-map SDM_RMAP_19 permit 1
 match ip address 123
!
route-map SDM_RMAP_18 permit 1
 match ip address 122
!
route-map SDM_RMAP_4 permit 1
 match ip address 107
!
route-map SDM_RMAP_5 permit 1
 match ip address 108
!
route-map SDM_RMAP_6 permit 1
 match ip address 109
!
route-map SDM_RMAP_7 permit 1
 match ip address 110
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
 match interface FastEthernet0
!
route-map SDM_RMAP_2 permit 1
 match ip address 105
 match interface FastEthernet1
!
route-map SDM_RMAP_3 permit 1
 match ip address 106
!
route-map SDM_RMAP_8 permit 1
 match ip address 111
!
route-map SDM_RMAP_9 permit 1
 match ip address 112
!
!
!
radius-server host 192.168.1.11 auth-port 1645 acct-port 1646 key v
$i19963024=3D
radius-server host 192.168.1.10 auth-port 1645 acct-port 1646 key v
$i20003024=3D
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Warning: Unauthorized access to this device will not be tolerated.
Leave now while there is still time...
-----------------------------------------------------------------------
^C
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 access-class 23 in
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 transport input telnet ssh
!
ntp clock-period 17180130
ntp server 64.90.182.55
ntp server 64.236.96.53
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end


0
Pappy
1/30/2009 10:11:57 PM
Reply:

Similar Artilces:

Cisco VPN client connects but can't ping or connect to anything?
I have a strange problem with one particular machine with Cisco vpn client installed. Numerous people report that they can connect successfully and map drives. However when this one remote user connects, she can't ping or map drives to any servers?? The internal network behind Cisco PIX is a 192.168.2.x/24 network, the private network the client is coming from is of 10.x.x.x/xx network. WinXP firewall is disabled on the client machine. Machines that vpn in receive IP addresses 192.168.2.110-120 . Any ideas?? thank you "ronnieshih" <ronnieshih@gmail.com> wrote in m...

Why can't I connect or ping my boxes after having connected to a Cisco VPN server.
Hello, experts. I have a home office with following networking equipment. 1. a DSL modem (Internal IP 192.168.0.0) 2. a Wireless Router AP (Internal IP 192.168.3.0) 3. a laptop connected via a wireless card (static ip: 192.168.3.3) 4. subnet mask : 255.255.255.0 Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Belkin 802.11g Wireless Card Physical Address. . . . . . . . . : 00-22-90-10-F7-88 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 192.168.3.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Def...

Cisco VPN Client V3.6 can't connect to Server.
I am using a CISCO VPN Client dailer V3.6 and it works at many place for connecting to my own company's server. But now I am working at a client site, the only port opened for getting out firewall is 8000. CISCO's VPN dialer can't connect to Internet because it does not use the port 8000(?). People who are using different VPN dialer was able to connect, all they did is to provide proxy server and port number in the ini file. I wonder if there is a way to tell CISCO VPN Client to use different proxy/port instead of the default one. Any help? Thanks! Keith ...

can't connect to cisco 837 easy vpn <-> Client ver 3.6
Hi, trying to connect to my Cisco 837 easy vpn server w/a Cisco vpn client version 3.6.4 w/ no luck. I wrote the config file myself based on what i as able to find on the net. the errors i am getting on the client side are: 1 19:11:59.698 12/16/03 Sev=Warning/2 IKE/0xE300007C Exceeded 3 IKE SA negotiation retransmits... peer is not responding 2 19:11:59.748 12/16/03 Sev=Warning/3 DIALER/0xE3300008 GI VPNStart callback failed "CM_PEER_NOT_RESPONDING" (16h). my config file is as follows: ! version 12.3 no service pad service timestamps debug uptime service timestam...

CORRECTION : Can't connect to Xserver SHOULD BE Can't connect to XVNCserver
I've got a RH 9 machine running, with x/kde. From 2 different Windows machines (Win2k and Win98), I can't seem to connect to the vncserver on the RH system. (failed to connect to server is displayed, when I connect from the client) After looking at the System Service Configuration tool in KDE, the Status for vncserver shows "Xvnc is stopped". When I restart the vnc service, "VNC server start was successful is displayed in a message box, yet the staus still shows "Xvnc is stopped" What am I doing wrong ? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 21 M...

Client can't connect to the default port, but can connect to other ports
I am not able to connect to the sshd running on default port, but if I run a new sshd at a specific port, I can connect to it. Here are debug outputs from the two calls. syslogs don't show anything either. Can someone please help me solve this problem. ================= ps -ef ================= [namit@namit-pc ~/.ssh]$ ps -ef | grep sshd root 5114 1 0 Aug12 ? 00:00:05 /usr/sbin/sshd root 19131 1 0 Aug17 ? 00:00:00 /usr/sbin/sshd -p 10111 namit 30922 19148 0 09:52 pts/6 00:00:00 grep sshd [namit@namit-pc ~/.ssh]$ ================= Default port ====...

Can connect to Check Point VPN server but can't ping?
My home PC is behind a D-Link broadband router. When I use the Check Point SecuRemote VPN client to connect to the company Check Point VPN server (NG FP3), I could connect and authenticated by firewall but I could not ping any internal servers. My home network is 192.168.x.x and my company network is 10.99.x.x. Any suggestions? Thank you in advance for answers. ...

can ping netware server but can't connect across vpn
Hi I am trying to log into a netware 5.1 network running ip only and am having problems. The connection is a VPN connection through a Watchguard Soho using the mobile user vpn software client. The connection works fine, and I can ping the server ip using its private ip address, and I can even use a browser to connect to the server and 'look at it', so I know the connection is good. What I want to do is actually login using the novell client 4.83 sp1. I have kind of run out of ideas, as network neighbourhood doesn't show any of the machines on the remote network, and I c...

PPTP VPN client can make connection but can't see network resources
Hi, I am trying to setup a VPN between my home and the office and can only get it partially working. Office ------- * Small network connected to the internet by a Draytek router (Draytek 2600). * Draytek router has an inbuilt VPN server which is setup and running. Home ----- * Win98 Box. Have installed VPN client and can successfully attach to the Draytek routers VPN server across the intenet and get access to all the office network resources. This was very simple to do and works fine. * SUSE Linux box. Have installed pptp and can establish a connection to the Draytek routers VPN server...

Cisco VPN to 3000 Conc..can't surf while connected
I can't figure this one out. I can't get access to the Internet while a VPN connection is established between a Dell laptop (Inspiron 4100,Win2K) running the Cisco VPN Client and a Cisco 3000 Concentrator at work while on my Roadrunner Cable access behind a Linksys router. Now wait a minute....my Dell desktop (WinXP) running the same client behind the same router works fine. My Compaq laptop (WinXP) also works fine running the same client behind the same router. Another anomaly: the suspect Dell laptop will connect to the Internet while connected through the VPN if I use a dial-up...

Cisco Easy VPN connects, but can't access remote LAN
I have Cisco Easy VPN setup on a SR520 router with IOS Version 12.4(20)T6. = The client computer is running Linux using vpnc 0.5.3 http://www.unix-ag.u= ni-kl.de/~massar/vpnc/. I'm able to establish the vpn connection, but can'= t ping the SR520 router that the connection is made to or any other devices= attached to the switch ports on this router. After making a vpn connection if I ping the router vlan ip from the client = computer the numbers increase shown by this command: Router#show crypto ipsec sa #pkts decaps: 25, #pkts decrypt: 25, #pkts verify: 25 I don&#...

can ping, can't connect
Ok, I have a sever box running Debian stable with a 2.6 kernel (686). It was working fine. Suddenly after about a month up time it stopped, I think it was an IP ipdate form the cable modem but whatever happened I rebooted and when it came back up it cuold no longer make connections. It is now sitting behind my emergency windows box ICS. It can ping www.google.com with no problem but links www.google.com sits there with "Making connection". I did have it running a firewall that caused no probs for outbound connections like that but i have turned that off. It wont let me ssh in...

Can ping sites but can't connect to them
After upgrading win98 to win98se, I installed a new network card, Belkin F5D5000. I am connected to a network through a router and cable modem. This computer is able to recognize and communicate with all other computers on the network, but it will not connect to internet addresses, not even the router address 192.168.0.1 I can, however ping any address and get a response. Why can't I get a normal internet connection? Other computers on the network connect normally to the internet. Your help would be appreciated. The Limey Check and make sure Proxy is checked to 'Automat...

Internet Explorer can't connect after VPN connection
Just in case anyone else runs into this problem.... I signed up for a PeoplePC dialup account before checking them out. Now, I will always checkout a dialup before I sign up. Their software, in addition to adding a custom toolbar to IE v6, decided to modify all of the network connections I had previously created including a secure VPN connection to work. After uninstalling their software I discovered that I could no longer browse with IE when my VPN was connected. After making sure "Use Default Gateway" was NOT enabled for the VPN and removing every shread of evidence of PPC softwar...

Web resources about - Cisco 1811 K9- VPN clients can connect, but can't connect or ping to computers - comp.dcom.sys.cisco

Computer - Wikipedia, the free encyclopedia
"Computer technology" and "Computer system" redirect here. For the company, see Computer Technology Limited . For other uses, see Computer (disambiguation) ...

Computer - Wikipedia, the free encyclopedia
"Computer technology" and "Computer system" redirect here. For the company, see Computer Technology Limited . For other uses, see Computer (disambiguation) ...

Computer Show
The first episode premiered at XOXO last month, and it brought the house down. I think you’re best off going in cold — just grab a beverage and ...

Video Of The Week: Obama Announces Computer Science For All
The President announced an initiative he calls Computer Science For All today.

Personal computers approach retirement age
My birthday was this past week. When I came to Silicon Valley in 1977 I was 24 years old. Thirty-nine years later I am 63 and a lot changed around ...

Bill Gates and Paul Allen hacked their school's computer to help Gates meet girls
Microsoft co-founders Bill Gates and Paul Allen famously met while attending Lakeside School, a private school in Seattle. Although Allen was ...

IRS computer glitch shuts down tax return e-file system
Shutdown of several tax processing systems included the e-file system and the "Where's My Refund?"

IRS experiencing computer failure: Report
The Internal Revenue Service suffered failures on "several" computer systems Wednesday in the midst of tax season, Dow Jones reported.

The Scooter Computer
When we initially deployed our handbuilt colocated servers for Discourse in 2013, I needed a way to provide an isolated VPN channel in for secure ...

Super Micro Computer, Inc. (SMCI) Given New $52.00 Price Target at Maxim Group
Super Micro Computer, Inc. (NASDAQ:SMCI) had its price target lifted by Maxim Group from $48.00 to $52.00 in a research note issued to investors ...

Resources last updated: 2/4/2016 5:15:43 AM