VPN on a Stick
ahmedahmed
Member Posts: 41
I have set up VPN on a stick on my router and my VPN is established, but I can't get routed back to the internet after the client gets the VPN connection.
What I require is that users connect to the router through a VPN (on a Cisco router) and then the VPN traffic gets routed through the internet to a remote network. I am required to use a single interface, so I used VPN on a stick (VPN with NAT on a stick).
Below is my configuration:
! AAA: local login authentication and group authorization for VPN clients
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
username user password 0 cisco
! IKE phase 1 policy
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
! VPN client group: pre-shared key and address pool
crypto isakmp client configuration group vpnclient
 key cisco123
 pool ippool
! IPsec transform set and dynamic crypto map
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
! Loopback used as the NAT inside interface
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
! Single physical interface: NAT outside, policy routing and crypto map
interface gi0/1
 ip address 216.x.x.x 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map VPN-Client
 duplex auto
 speed auto
 crypto map clientmap
! Address pool handed to VPN clients
ip local pool ippool 192.168.1.1 192.168.1.2
ip route 0.0.0.0 0.0.0.0 216.x.x.y
! PAT traffic matched by ACL 101 to the gi0/1 address
ip nat inside source list 101 interface gi0/1 overload
access-list 101 permit ip any any
access-list 144 permit ip 192.168.1.0 0.0.0.255 any
! Policy-route traffic sourced from the client pool toward the loopback subnet
route-map VPN-Client permit 10
 match ip address 144
 set ip next-hop 10.11.0.2
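Added example, not part of the original post and not the poster's code: a static Python check of the pieces a VPN-on-a-stick (NAT-on-a-stick) hairpin depends on, run over a trimmed, constructed copy of the configuration above. It assumes one route-map and one NAT rule, checks only the first and last address of each pool, and reads only ACL entries of the form `permit ip <src> [wildcard] any`; the function names `acl_covers` and `check_hairpin` are hypothetical.

```python
import ipaddress as ipa
import re

# Constructed sample: the hairpin-relevant lines of the configuration posted above.
SAMPLE = """\
interface Loopback0
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
interface gi0/1
 ip nat outside
 ip policy route-map VPN-Client
 crypto map clientmap
ip local pool ippool 192.168.1.1 192.168.1.2
ip nat inside source list 101 interface gi0/1 overload
access-list 101 permit ip any any
access-list 144 permit ip 192.168.1.0 0.0.0.255 any
route-map VPN-Client permit 10
 match ip address 144
 set ip next-hop 10.11.0.2
"""

def acl_covers(cfg, num, addrs):
    """True if numbered ACL `num` permits every address in addrs as a source."""
    rows = re.findall(rf"^access-list {num} permit ip (\S+)(?: (\S+))? any$", cfg, re.M)
    nets = [ipa.ip_network("0.0.0.0/0" if s == "any" else f"{s}/{w}") for s, w in rows]
    return bool(addrs) and all(any(a in n for n in nets) for a in addrs)

def check_hairpin(cfg):
    """Findings for the policy-route -> loopback -> NAT path; [] if consistent."""
    find = lambda pat: re.search(pat, cfg, re.M)
    bad, inside = [], []
    pool = [ipa.ip_address(a) for t in re.findall(r"^ip local pool \S+ (\S+) (\S+)$", cfg, re.M) for a in t]
    for blk in re.split(r"^(?=\S)", cfg, flags=re.M):  # one chunk per top-level command
        addr = re.search(r"^ ip address (\S+) (\S+)$", blk, re.M)
        if blk.startswith("interface ") and re.search(r"^ ip nat inside$", blk, re.M) and addr:
            inside.append(ipa.ip_interface(f"{addr[1]}/{addr[2]}"))
        if re.search(r"^ crypto map ", blk, re.M) and not re.search(r"^ ip policy route-map ", blk, re.M):
            bad.append("no policy route-map on the interface that terminates the VPN")
    acl = find(r"^ match ip address (\d+)$")
    hop = find(r"^ set ip next-hop (\S+)$")
    nat = find(r"^ip nat inside source list (\d+) interface \S+ overload$")
    h = ipa.ip_address(hop[1]) if hop else None
    if not (acl and acl_covers(cfg, acl[1], pool)):
        bad.append("route-map ACL does not match the whole client pool")
    if h is None or not any(h in i.network and h != i.ip for i in inside):
        bad.append("next-hop is not a non-local address on a NAT-inside subnet")
    if not (nat and acl_covers(cfg, nat[1], pool)):
        bad.append("overload NAT ACL does not cover the client pool")
    return bad
```

An empty result only means these static pieces agree with each other; it does not show that packets are actually forwarded.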