Protoform-X ([H]ard|Gawd) - Joined Jan 30, 2002 - Messages: 1,203
I have a UC500 series phone system that I installed for a client. The client is requesting that their remote users who use the Cisco VPN client to connect to the UC500's EZVPN server be able to access local network resources. That sounds simple enough, but I really don't know anything about Cisco VPN configuration, so I was hoping someone could give me a breakdown of what to do. Here's a breakdown of some of my config. I can provide more as needed:
*Phones work over the VPN and split-tunneling is enabled* - Initially that's all the access they needed.
Data VLAN: 10.105.0.x
Voice VLAN: 10.1.1.x
Unity Express: 10.1.10.1
show run | section crypto:
Code:
UC540#sh run | sec crypto
<SNIP>
ip local pool SDM_POOL_1 172.20.20.1 172.20.20.50
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group EZVPN_GROUP_1
 key (REMOVED)
 dns 10.105.0.10
 pool SDM_POOL_1
 acl 100
 save-password
 max-users 10
crypto isakmp profile sdm-ike-profile-1
   match identity group EZVPN_GROUP_1
   client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
   isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
   client configuration address respond
   virtual-template 9
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
ACL 100:
Code:
UC540#sh run | sec access-list 100
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 10.105.0.0 0.0.0.255 any
access-list 100 permit ip 10.1.10.0 0.0.0.255 any
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
NAT:
Code:
ip nat inside source list 1 interface FastEthernet0/0 overload
ACL 1:
Code:
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.105.0.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
NAT problem? Route problem? I'm not sure; any help is appreciated. Please let me know if more config info is needed and I will provide it.
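One check worth running against the lists in this post (an added example, not the poster's config or anything from Cisco): a small simulator of Cisco wildcard-mask matching, fed with ACL 1, ACL 100 and the SDM_POOL_1 range exactly as shown above. Because the NAT list is a standard ACL, it matches a LAN host's reply to a VPN client on source address alone, so the script reports which replies toward pool addresses are candidates for translation by `ip nat inside source list 1 ... overload`; the sample flows are constructed, and whether translation actually happens depends on where `ip nat inside`/`ip nat outside` sit, which the post does not show.

```python
import ipaddress

# Cisco wildcard masks: 0 bits must match, 1 bits are "don't care".
def wildcard_match(addr, network, wildcard):
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (n | w)

# Entries copied from the post. ACL 1 is a standard list: it tests the
# source address only, whatever the destination is.
NAT_ACL_1 = [("10.105.0.0", "0.0.0.255"),
             ("10.1.1.0", "0.0.0.255"),
             ("10.1.10.0", "0.0.0.3")]

# ACL 100, the split-tunnel list: networks the client is told to tunnel.
SPLIT_ACL_100 = [("10.105.0.0", "0.0.0.255"),
                 ("10.1.10.0", "0.0.0.255"),
                 ("10.1.1.0", "0.0.0.255")]

# From "ip local pool SDM_POOL_1 172.20.20.1 172.20.20.50".
POOL_FIRST = int(ipaddress.IPv4Address("172.20.20.1"))
POOL_LAST = int(ipaddress.IPv4Address("172.20.20.50"))

def in_pool(addr):
    return POOL_FIRST <= int(ipaddress.IPv4Address(addr)) <= POOL_LAST

def matches_any(addr, acl):
    return any(wildcard_match(addr, net, wc) for net, wc in acl)

def check_reply(src, dst):
    """Classify a LAN host's reply (src) toward a VPN client (dst).
    nat_source_match True with dst_in_pool True means the overload NAT
    list would accept this packet; translating it before encryption
    would break the return path to the client."""
    return {"dst_in_pool": in_pool(dst),
            "nat_source_match": matches_any(src, NAT_ACL_1),
            "split_tunnel_covers_src": matches_any(src, SPLIT_ACL_100)}

def nat_exposure(flows):
    """Return the (src, dst) flows whose replies hit the NAT list and a pool address."""
    return [(s, d) for s, d in flows
            if check_reply(s, d)["dst_in_pool"]
            and check_reply(s, d)["nat_source_match"]]

if __name__ == "__main__":
    # Constructed sample flows: a data-VLAN server, a phone, Unity Express,
    # and a 10.1.10.x host outside the 0.0.0.3 wildcard, each replying.
    flows = [("10.105.0.20", "172.20.20.5"), ("10.1.1.15", "172.20.20.5"),
             ("10.1.10.1", "172.20.20.5"), ("10.1.10.9", "172.20.20.5")]
    for s, d in flows:
        print(s, "->", d, check_reply(s, d))
    print("replies exposed to NAT list 1:", nat_exposure(flows))
```

Note that ACL 1 covers only 10.1.10.0-3 while ACL 100 covers all of 10.1.10.0/24, so the script also flags which Unity Express addresses the two lists treat differently.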