c2821 vpn with bgp problem



Hello all

I have a problem with configuring remote access. Right now I have BGP with 1 peer.

The BGP p2p address is 195.91.191.2/30 and my PI network is 191.181.81.0/23.
I'd like Cisco VPN clients to be able to access the whole Internet via the router.

I read this:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml#intro


and I made the config below, but I have a problem with access to the outside world. Access to my LAN is not stable. From the Cisco VPN client, some addresses from pool CLIENT_POOL2 answer correctly and some do not.


version 12.4

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN
key secret_key
dns 192.168.1.16
wins 192.168.1.16
pool CLIENT_POOL2
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac

crypto dynamic-map dynmap 1
set transform-set myset
reverse-route
!
crypto map dynmap client authentication list userauthen
crypto map dynmap isakmp authorization list groupauthor
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap

!
interface Loopback0
ip address 10.11.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!

interface GigabitEthernet0/0
description My LAN
ip address 192.168.1.1 255.255.248.0
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable

!
interface Vlan2
description BGP peer
ip address 191.181.81.129 255.255.255.128 secondary
ip address 195.91.191.2 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip policy route-map VPN-Client
crypto map dynmap
!

!
interface Vlan3
description my PI address
ip address 191.181.81.1 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
!
ip local pool CLIENT_POOL2 192.168.10.1 192.168.10.254

ip nat inside source list NAT interface Vlan2 overload

ip access-list extended NAT
deny ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.255.255 any

!
route-map VPN-Client permit 10
match ip address 144
set interface Loopback0
!
access-list 144 permit ip 192.168.10.0 0.0.0.255 any


sh access-list 144
Extended IP access list 144
10 permit ip 192.168.10.0 0.0.0.255 any (3885 matches)

sh access-lists NAT
Extended IP access list NAT
20 permit ip 192.168.0.0 0.0.255.255 any (2757 matches)



Thanks for the help

Ted