From: Jason Aarons (jaarons@hotmail.com)
Date: Thu Dec 02 2004 - 19:58:24 GMT-3
If I remove acl Outside_Screen_In from the serial interface then the
Cisco VPN Client on the Ethernet lan works connecting to a 3005 VPN
Concentrator on the Internet -jason Do you see what I am missing permit
in ACL Outside_Screen_In ? interface serial 0.1 ip address 66.109.64.250
255.255.255.252
ip access-group Outside_Screen_In in ip nat inside
ip nat inside source list 101 interface Serial0.1 overload
!Extended IP access list Outside_Screen_In
10 deny ip 192.168.0.0 0.0.255.255 any
20 deny ip 172.16.0.0 0.15.255.255 any
30 deny ip 10.0.0.0 0.255.255.255 any (8 matches)
40 deny ip 127.0.0.0 0.255.255.255 any
50 deny ip 255.0.0.0 0.255.255.255 any
60 deny ip 224.0.0.0 7.255.255.255 any
70 deny ip host 0.0.0.0 any
80 deny ip host 66.109.64.250 any
90 permit udp any any eq isakmp (375 matches)
100 permit esp any any (200 matches)
110 permit ahp any any
120 permit tcp any any eq 500
130 permit tcp any any eq 389 (129 matches)
140 permit tcp any any eq 709
150 permit udp any any eq non500-isakmp 160 deny ip any any
------------------------------------------------------------------------
Rock, jazz, country, soul & more. Find the music you love on MSN Music!
This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:23 GMT-3