locked
VPN Established but no access to the internal network resources RRS feed

  • Question

  • I have a Cisco Router 2921 which i am using to establish a VPN Connection to a remote site. I would like to access the internal network but most especially the server ip 192.168.90.222. I have managed to establish the vpn connection and i have also been able to ping the internal interface 192.168.90.1 but i cannot reach, ping or remote desktop the server and any other resources.

    My Current Config looks like this;

    crypto isakmp policy 100
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp policy 101
     encr 3des
     hash md5
     authentication pre-share
     group 2
    !
    crypto isakmp client configuration group GroupVPN
     key lw-sfh
     dns 192.168.90.222
     domain studiofh.net
     pool VPNPOOL
     acl 120
     max-users 5
    !
    !
    crypto ipsec transform-set SetVPN esp-3des esp-md5-hmac
    !
    crypto ipsec profile VPN-Profile-1
     set transform-set SetVPN
    !
    !
    crypto dynamic-map DynamicVPN 100
     set transform-set SetVPN
     reverse-route
    !
    !
    crypto map StaticMap client authentication list UserVPN
    crypto map StaticMap isakmp authorization list GroupVPN
    crypto map StaticMap client configuration address respond
    crypto map StaticMap 20 ipsec-isakmp dynamic DynamicVPN
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0
     ip address x.x.x.x x.x.x.x
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     crypto map StaticMap
    !
    interface GigabitEthernet0/1
     ip address 192.168.90.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/2
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet0/0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Virtual-Template2 type tunnel
     ip address 192.168.40.1 255.255.255.0
     tunnel mode ipsec ipv4
    !
    ip local pool VPNPOOL 192.168.40.20 192.168.40.25
    ip forward-protocol nd
    !
    ip http server
    no ip http secure-server
    !
    ip nat inside source list 100 interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 x.x.x.x
    !
    access-list 100 remark [Deny NAT for VPN Clients]=-
    access-list 100 deny   ip 192.168.90.0 0.0.0.255 host 192.168.40.20
    access-list 100 deny   ip 192.168.90.0 0.0.0.255 host 192.168.40.21
    access-list 100 deny   ip 192.168.90.0 0.0.0.255 host 192.168.40.22
    access-list 100 deny   ip 192.168.90.0 0.0.0.255 host 192.168.40.23
    access-list 100 deny   ip 192.168.90.0 0.0.0.255 host 192.168.40.24
    access-list 100 deny   ip 192.168.90.0 0.0.0.255 host 192.168.40.25
    access-list 100 remark -=[Internet NAT Service]=-
    access-list 100 permit ip 192.168.90.0 0.0.0.255 any
    access-list 120 remark ==[Cisco VPN Users]==
    access-list 120 permit ip 192.168.90.0 0.0.0.255 192.168.40.0 0.0.0.255
    access-list 120 permit ip any host 192.168.40.20
    access-list 120 permit ip any host 192.168.40.21
    access-list 120 permit ip any host 192.168.40.22
    access-list 120 permit ip any host 192.168.40.23
    access-list 120 permit ip any host 192.168.40.24
    access-list 120 permit ip any host 192.168.40.25

    I wonder what is missing in my config. Please help?

    Sunday, July 12, 2020 11:42 AM

All replies

  • Hi,

    There are a number of possible causes for such a behavior. Please refer this guide and find ways suit for your situaion:
    https://www.equinux.com/us/faq/644/2/The-VPN-seems-connected-but-I-cant-connect-to-my-server-or-transfer-data-What-is-wrong?site=equinux.com&tab=faq

    This "Network Infrastructure Servers" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best regards

    Cherry


    "Network Infrastructure Servers" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Network Infrastructure Servers"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Monday, July 13, 2020 2:19 AM
  • Hi,

     

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

     

    This "Network Infrastructure Servers" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best Regards,

    Cherry


    "Network Infrastructure Servers" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Network Infrastructure Servers"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Wednesday, July 15, 2020 3:01 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    This "Network Infrastructure Servers" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best Regards,

    Cherry



    "Network Infrastructure Servers" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Network Infrastructure Servers"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Friday, July 17, 2020 5:33 AM
  • Hi,

     

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

     

    This "Network Infrastructure Servers" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best Regards,

    Cherry


    "Network Infrastructure Servers" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Network Infrastructure Servers"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Monday, July 20, 2020 1:51 AM
  • Hi,

     

    As this thread has been quiet for a while, we will propose it as ‘Answered’ as the information provided should be helpful.

     

    If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    This "Network Infrastructure Servers" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best Regards,

    Cherry


    "Network Infrastructure Servers" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Network Infrastructure Servers"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Wednesday, July 22, 2020 1:40 AM