
ip nat inside source route-map SDM_RMAP_2 interface FastEthernet1 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.10.4 interface FastEthernet0

ip nat inside source static tcp 192.168.10.250 interface FastEthernet0
tunnel protection ipsec profile SDM_Profile1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$$ES_LAN$
service-policy output sdmappfwp2p_SDM_LOW
isakmp authorization list sdm_vpn_group_ml_1
crypto ipsec transform-set CLIENT_VPN esp-aes 256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
subject-name cn=IOS-Self-Signed-Certificate-
crypto pki certificate chain TP-self-signed-
crypto isakmp client configuration group divisional
crypto isakmp client configuration group executive

!This is a very heavily trimmed running config of the router: 192.168.10.253
aaa authorization network sdm_vpn_group_ml_1 local

Well here goes nothin! Hopin it ain't worth nothin though. But help from anyone would be appreciated. I did notice Federico was working on something very similar to this.

The user can get to the 10 subnet and any server on it, but not to the 'server farm' on subnet 192.168.11.0. The router is on subnet 192.168.10.0, as are all the switches. VLANs are set up through VTP on the 12G, with all other switches being 'VTP clients', including the router.

VPN Client - Router1811 - split trunk - C3550-12G - trunked - multiple C3550s - Servers/Wstns

I have read enough to know that it's most likely NAT related but am unsure as to where to put that information.

Does it go in the NAT related to the E0 (gateway outbound to internet) interface, to the vlan10 (the vlan the router actually resides on) or do I create another one and apply it to the crypto ipsec and isakmp side of things that VPN users use?

I have just changed my flat lan to a multi vlan environment but I now need assistance to get my VPN back working again as the VPN user can't access servers that are not on the 'gateway' vlan.
