Hi,

Under this message I have posted the running config of a Cisco 827
router with VPN availabilities. With the running config it is possible
to make (internally, in the LAN) a VPN connection with the Cisco VPN Client.

I'm only getting a ping to the IP address of the router; other
traffic is not possible. Making a VPN connection from the internet is not
possible. :-(

Who can help me with this configuration? I need a config which gives
me VPN access from the internet to the local network.

And if possible I need access with the VPN connection (!) to 1 IP
address on the internet from the 827 router.... The reason is an IP
firewall filter, access is granted only for my public IP address.

I hope some engineers or system integrators can help me. :-)

With regards,
DK



!
!
version 12.3
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
!
!
hostname XXXXXXXXXXXX
!
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXXXXXXXXXXX
enable password 7 XXXXXXXXXXXX
!
!
clock timezone GMT 1
clock summer-time Europe/Berlin date Mar 30 2003 1:00 Oct 26 2003 2:00
!
aaa new-model
!
aaa authentication login userauthen local
aaa authentication ppp default local
aaa authorization network groupauthor local
aaa session-id common
!
!
username XXXXXXXXXXXX password 7 XXXXXXXXXXXX
username XXXXXXXXXXXX password 7 XXXXXXXXXXXX
!
!
ip subnet-zero
ip tcp synwait-time 10
ip domain list lan
ip domain name base
ip name-server XXXXXXXXXXXX
ip name-server XXXXXXXXXXXX
!
ip local pool ippool 172.16.0.1 172.16.0.5
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
no ip source-route
no ip bootp server
no ip http server
no ip http secure-server
no service finger
no ip domain-lookup
!
!
ip dhcp-server 10.0.0.3
ip dhcp pool dhcprange
network 10.0.0.0 255.255.255.224
default-router 10.0.0.3
dns-server 194.109.6.66
!
ip dhcp excluded-address 10.0.0.1 10.0.0.10
!
!
ip inspect audit-trail
ip inspect name FWall http
ip inspect name FWall cuseeme
ip inspect name FWall smtp
ip inspect name FWall tcp
ip inspect name FWall udp
ip inspect name FWall ftp
ip inspect name FWall h323
ip inspect name FWall netshow
ip inspect name FWall rcmd
ip inspect name FWall sqlnet
ip inspect name FWall streamworks
ip inspect name FWall tftp
ip inspect name FWall vdolive
ip inspect name FWall realaudio
ip inspect name FWall rtsp
ip inspect name FWall fragment
ip inspect name FWall icmp
ip inspect name FWall sip
ip inspect name FWall skinny
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group XXXXXXXXXXXX
key XXXXXXXXXXXX
dns 194.109.6.66
domain base
pool ippool
acl 108
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
reverse-route
set transform-set myset
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
interface Ethernet0
description Local Network Interface (10 mbit)
bandwidth 10000000
ip address 10.0.0.3 255.255.255.224
ip access-group 101 in
ip nat inside
crypto map clientmap
ip inspect FWall in
no ip route-cache
no keepalive
no cdp enable
hold-queue 100 out
no shutdown
!
interface ATM0
no ip address
no shutdown
no ip route-cache
no atm ilmi-keepalive
bundle-enable
load-interval 30
dsl operating-mode auto
pvc 0 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address negotiated
ip access-group 110 in
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
crypto map clientmap
ppp authentication pap callin
ppp pap sent-username XXXXXXXXXXXX password 7 XXXXXXXXXXXX
!
ip nat inside source list 102 interface Dialer0 overload
!
no logging console
logging buffered
!
!
access-list 101 remark Inside Traffic Router Out
access-list 101 permit ip any any
!
access-list 102 remark Inside Traffic Router Out
access-list 102 permit ip 10.0.0.0 0.0.0.31 any
!
access-list 110 remark Outside Traffic Router In
access-list 110 permit esp any any
access-list 110 permit udp any any eq isakmp
access-list 110 permit udp any any eq non500-isakmp
access-list 110 permit tcp any any eq 10000
access-list 110 permit udp any any eq 10000
access-list 110 deny ip any any log
!
access-list 1 remark The local LAN
access-list 1 permit 10.0.0.0 0.0.0.31
!
access-list 108 remark The VPN LAN
access-list 108 permit ip 172.16.0.0 0.0.255.255 10.0.0.0 0.0.0.31
!
!
dialer-list 1 protocol ip permit
no cdp run
!
!
banner motd ^C
__________________________________________________ ________________

| |
||| |||
||||| |||||
||||||||| |||||||||
||||||||||||||||||||||||| Configured by: XXXXXXXXXXXX

C I S C O - S Y S T E M S Date: Jan 2005

------------------------------------------------------------------
* ALL ACCESS FORBIDDEN! - Verboden voor onbevoegden! *
------------------------------------------------------------------
__________________________________________________ ________________
^C
!
!
line con 0
transport preferred all
transport output all
stopbits 1
!
!
line vty 0 4
password 7 104A0C170B1E011F0908242E30
transport preferred all
access-class 1 in
transport input all
transport output all
login authentication userauthen
!
!
scheduler max-task-time 5000
!
sntp server XXXXXXXXXXXX
!
end
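
Added example, not part of DK's post and not Cisco code: a small Python audit of the pool and ACL lines in the config above. It checks whether replies from a LAN host to the VPN pool match NAT list 102, and whether ACL 108 names the pool as its source. It assumes IOS translates before it encrypts on the outside interface and that the group `acl` lists the protected LAN as source; the host 10.0.0.11, the function names and the REVISED lines are hypothetical.

```python
import ipaddress

# Constructed inputs: POSTED copies the pool/ACL lines above; REVISED is a hypothetical rewrite.
POSTED = """\
ip local pool ippool 172.16.0.1 172.16.0.5
access-list 102 permit ip 10.0.0.0 0.0.0.31 any
access-list 108 permit ip 172.16.0.0 0.0.255.255 10.0.0.0 0.0.0.31
"""
REVISED = """\
ip local pool ippool 172.16.0.1 172.16.0.5
access-list 102 deny ip 10.0.0.0 0.0.0.31 172.16.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.0.0.31 any
access-list 108 permit ip 10.0.0.0 0.0.0.31 172.16.0.0 0.0.255.255
"""

def _take(tok):
    # Consume 'any' or 'addr wildcard' from a token list ('host x' is not handled).
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    ones = bin(int(ipaddress.IPv4Address(tok[1]))).count("1")
    return ipaddress.ip_network(f"{tok[0]}/{32 - ones}"), tok[2:]

def parse_acl(config, number):
    rules = []  # [(action, src_net, dst_net)] for the 'ip' entries of one ACL
    for t in (line.split() for line in config.splitlines()):
        if t[:2] == ["access-list", str(number)] and len(t) > 5 and t[3] == "ip":
            src, rest = _take(t[4:])
            rules.append((t[2], src, _take(rest)[0]))
    return rules

def first_match(rules, src, dst):
    # IOS ACL semantics: first matching entry wins, implicit deny at the end.
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return next((a for a, sn, dn in rules if s in sn and d in dn), "deny")

def pool_addresses(config):
    t = next(l.split() for l in config.splitlines() if l.startswith("ip local pool"))
    lo, hi = (int(ipaddress.IPv4Address(x)) for x in t[4:6])
    return [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]

def audit(config, lan_host="10.0.0.11", nat_acl=102, split_acl=108):
    # Assumptions: NAT is applied before encryption on the outside interface,
    # and the group 'acl' should list the protected LAN (not the pool) as source.
    pool, nat, findings = pool_addresses(config), parse_acl(config, nat_acl), []
    if any(first_match(nat, lan_host, str(p)) == "permit" for p in pool):
        findings.append("nat-translates-replies-to-pool")
    for action, src, _ in parse_acl(config, split_acl):
        if action == "permit" and any(p in src for p in pool):
            findings.append("split-acl-source-is-pool")
    return findings
```

Calling `audit(POSTED)` reports both findings for the lines as posted, and `audit(REVISED)` reports none.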