# How to Configure Easy VPN server on Cisco 2811 router



## nicegagan

Dear experts,

We bought a new Cisco 2811 router with VPN. I configured Easy VPN Server on the Cisco 2811 router with Cisco SDM. I'm able to connect to the router using the Cisco VPN client, but I'm not able to communicate with the local LAN of my router. Here I'm sending the complete configuration for my router and my network.

Router F0/1 : 172.16.1.42 255.255.255.0 (local LAN that needs to be accessed through the remote VPN client; this is what I'm not able to reach when I connect with the VPN remotely)

Router F0/0 : 80.227.XXX.XXX (Public IP)

Building configuration...

Current configuration : 5761 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ctsvpn
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$.gHI$M0zCY2pPs7V/W6WjfzqMy0
enable password XXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local 
aaa authorization network sdm_vpn_group_ml_1 local 
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip routing
!
!
no ip cef
!
!
ip domain name cig.ae
ip name-server 80.227.2.2
ip name-server 80.227.2.3
ip name-server 213.132.33.15
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-879286165
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-879286165
revocation-check none
rsakeypair TP-self-signed-879286165
!
!
crypto pki certificate chain TP-self-signed-879286165
certificate self-signed 01
quit
username admin privilege 15 secret 5 $1$d3fS$Gb1rsMIhAvsVYz/rePZZc1
!
! 
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group ctsvpn
key XXXXX
dns 172.16.1.50 172.16.1.51
wins 172.16.1.50
domain cig.ae
pool SDM_POOL_1
include-local-lan
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA 
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 
!
!
!
!
interface FastEthernet0/0
description $ETH-WAN$
ip address 80.227.XXX.XXX 255.255.255.0
ip access-group 100 in
no ip route-cache
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
ip address 172.16.1.42 255.255.255.0
ip access-group 101 in
no ip route-cache
duplex half
speed auto
no mop enabled
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
no ip route-cache
shutdown
clock rate 2000000
!
ip local pool SDM_POOL_1 172.16.25.1 172.16.25.50
ip default-gateway 80.227.XXX.XXX
ip classless
!
!
ip http server
ip http access-class 1
ip http secure-server
!
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 91.75.80.0 0.0.0.255
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 91.75.80.0 0.0.0.255 host 80.227.146.250 eq 443
access-list 100 deny tcp any host 80.227.146.250 eq telnet
access-list 100 deny tcp any host 80.227.146.250 eq 22
access-list 100 deny tcp any host 80.227.146.250 eq www
access-list 100 deny tcp any host 80.227.146.250 eq 443
access-list 100 deny tcp any host 80.227.146.250 eq cmd
access-list 100 deny udp any host 80.227.146.250 eq snmp
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 172.16.1.0 0.0.0.255 host 172.16.1.42 eq telnet
access-list 101 permit tcp 172.16.1.0 0.0.0.255 host 172.16.1.42 eq 22
access-list 101 permit tcp 172.16.1.0 0.0.0.255 host 172.16.1.42 eq www
access-list 101 permit tcp 172.16.1.0 0.0.0.255 host 172.16.1.42 eq 443
access-list 101 permit tcp 172.16.1.0 0.0.0.255 host 172.16.1.42 eq cmd
access-list 101 deny tcp any host 172.16.1.42 eq telnet
access-list 101 deny tcp any host 172.16.1.42 eq 22
access-list 101 deny tcp any host 172.16.1.42 eq www
access-list 101 deny tcp any host 172.16.1.42 eq 443
access-list 101 deny tcp any host 172.16.1.42 eq cmd
access-list 101 deny udp any host 172.16.1.42 eq snmp
access-list 101 permit ip any any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 172.16.1.0 0.0.0.255 any
snmp-server community public RO
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 102 in
password [email protected]
!
scheduler allocate 20000 1000
!
end




-----------------------------------
Thanks 
Gagan


----------
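As an added example (not part of the original post, and not a Cisco or SDM tool), the following script scans a running-config for settings a reviewer would check first in the configuration above, including `no ip routing`, which turns off packet forwarding between interfaces. The rule set, the function name `audit` and the excerpt in `SAMPLE_CONFIG` are assumptions of this example; the excerpt is constructed from lines in the posted configuration.

```python
import re

# Constructed excerpt: lines copied from the running-config in the post above.
SAMPLE_CONFIG = """\
no service password-encryption
enable password XXXX
no ip routing
no ip cef
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
ip local pool SDM_POOL_1 172.16.25.1 172.16.25.50
ip default-gateway 80.227.XXX.XXX
ip http server
snmp-server community public RO
"""

# (finding id, regex on one stripped config line, reason). This rule set is an
# assumption of the example; extend it to match your own baseline.
RULES = [
    ("routing-disabled", r"^no ip routing$",
     "IP forwarding between interfaces is off; router acts as a host"),
    ("cleartext-enable", r"^enable password \S+",
     "enable password is stored unhashed; keep only 'enable secret'"),
    ("no-pw-encryption", r"^no service password-encryption$",
     "line passwords appear in cleartext in the config"),
    ("http-mgmt", r"^ip http server$",
     "management over unencrypted HTTP is enabled"),
    ("default-snmp", r"^snmp-server community (public|private)\b",
     "well-known SNMP community string"),
    ("weak-ike", r"^(encr 3des|group [125])$",
     "legacy IKE cipher or Diffie-Hellman group"),
]

def audit(config_text):
    """Return (line_no, finding_id, line, reason) for every matching line."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        for fid, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((no, fid, line, reason))
    return findings

if __name__ == "__main__":
    for no, fid, line, reason in audit(SAMPLE_CONFIG):
        print(f"line {no}: [{fid}] {line!r} -> {reason}")
```

To check a full configuration, pass the text of a saved `show running-config` to `audit()` instead of the excerpt.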

