Re: strange remote VPN from Johnny B CCIE on 2009-11-14 (Ccielab archives 11/2009)

From: Johnny B CCIE <jbccie_at_gmail.com>
Date: Sat, 14 Nov 2009 11:46:29 -0500

SDM? Ok.

What does your routing table look like from both the client and the
vpn device? I suspect that the route you injecting the reverse route
into is not getting redistributed properly into your routing table. So
you will probably need to either create a static route, redistribute,
or add the network of the client into the routing process.

debug crypto ipsec - this command will tell us a little more about the
problem you are having and what routes are known.

On Sat, Nov 14, 2009 at 11:08 AM, CCIE <ccie_at_axizo.com> wrote:
>
>
> crypto isakmp policy 1
> encr 3des
> authentication pre-share
> group 2
> !
> crypto isakmp client configuration group MICO_CAT_GROUP
> key CISCO
> pool SDM_POOL_1
> acl 100
> netmask 255.255.255.0
> !
> ip local pool SDM_POOL_1 10.10.10.1 10.10.10.254
> !
> crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
> !
> crypto dynamic-map SDM_DYNMAP_1 1
> set transform-set ESP-3DES-SHA
> reverse-route
> !
> !
> crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
> crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
> crypto map SDM_CMAP_1 client configuration address respond
> crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
> !
>
> !
> interface FastEthernet0/0
>
> crypto map SDM_CMAP_1
> !
>
> access-list 100 permit ip 192.168.2.0 0.0.0.255 any
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Johnny B CCIE
> Sent: Saturday, November 14, 2009 5:53 PM
> To: groupstudy
> Subject: Re: strange remote VPN
>
> Amin would you be willing to submit the configuration? You have asked
> the question on a technical study forum and unless you just want an
> opinion on your question you might want the proof.
>
> On Sat, Nov 14, 2009 at 10:49 AM, CCIE <ccie_at_axizo.com> wrote:
>> Hi experts,
>>
>> I have a VPN server on 1841 router, whenever I connect to it using the VPN
>> client software I can access just on device behind that VPN server (this
> is
>> the first one that I start access),if I disconnect then reconnect I can
>> access another one and continue accessing just this new one, and so on
> just
>> one device per session (the one that I start access).
>>
>> Any advice about that?
>>
>> Regards,
>>
>> Amin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 4607 (20091114) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 4607 (20091114) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com

Blogs and organic groups at http://www.ccie.net
Received on Sat Nov 14 2009 - 11:46:29 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART