VPN Client help!! [7:63333]

2003-02-19 Thread Antero Vasconcelos
Hi,
I have a router connected to the Internet and remote clients with VPN-Client
1.1. They need to browse the network, view some hosts and access some
network services.

The service doesn't work until I configure the access-list in the interface:

interface Serial0.80 point-to-point
 description  Ligacao para VPNs sobre internet ***
 bandwidth 192
 ip address xxx.xxx.xxx.210 255.255.255.252
 ip access-group 180 in
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 80
  class net-112k
 crypto map mymap

access-list 180 permit ahp any host xxx.xxx.xxx.210
access-list 180 permit esp any host xxx.xxx.xxx.210
access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
access-list 180 permit tcp any host 192.168.0.2 eq 137
access-list 180 permit tcp any host 192.168.0.2 eq 138
access-list 180 permit tcp any host 192.168.0.2 eq 139
access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
access-list 180 permit tcp any host 192.168.0.4 eq 137
access-list 180 permit tcp any host 192.168.0.4 eq 138
access-list 180 permit tcp any host 192.168.0.4 eq 139
access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
access-list 180 deny   ip any any log

Is this necessary, or am I missing something?

Thx in advance.
Antero Vasconcelos

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6t=6
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: VPN Client help!! [7:63333]

2003-02-19 Thread Robert Edmonds
Don't quote me, but I do believe the access list is necessary as it actually
tells the router which traffic to encrypt.  PERMIT = ENCRYPT and DENY = DON'T
ENCRYPT.

I think the following Cisco link may help answer your question best.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm#37434

Antero Vasconcelos wrote in message news:[EMAIL PROTECTED]...
> Hi,
> I have a router connected to the Internet and remote clients with VPN-Client
> 1.1. They need to browse the network, view some hosts and access some
> network services.
>
> The service doesn't work until I configure the access-list in the interface:
>
> interface Serial0.80 point-to-point
>  description  Ligacao para VPNs sobre internet ***
>  bandwidth 192
>  ip address xxx.xxx.xxx.210 255.255.255.252
>  ip access-group 180 in
>  no ip route-cache
>  no ip mroute-cache
>  no cdp enable
>  frame-relay interface-dlci 80
>   class net-112k
>  crypto map mymap
>
> access-list 180 permit ahp any host xxx.xxx.xxx.210
> access-list 180 permit esp any host xxx.xxx.xxx.210
> access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
> access-list 180 permit tcp any host 192.168.0.2 eq 137
> access-list 180 permit tcp any host 192.168.0.2 eq 138
> access-list 180 permit tcp any host 192.168.0.2 eq 139
> access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
> access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
> access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
> access-list 180 permit tcp any host 192.168.0.4 eq 137
> access-list 180 permit tcp any host 192.168.0.4 eq 138
> access-list 180 permit tcp any host 192.168.0.4 eq 139
> access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
> access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
> access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
> access-list 180 deny   ip any any log
>
> Is this necessary, or am I missing something?
>
> Thx in advance.
> Antero Vasconcelos

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63353t=6
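
Added example, not part of either post: a small Python model of why the decrypted NetBIOS traffic needed its own permit entries in ACL 180. It assumes the IOS behaviour of that era, where the inbound ACL on a crypto-map interface is applied to the arriving ESP packet and again to the packet after decryption; the client addresses are constructed samples and the ACL is abridged from the thread.

```python
import re

# ACL 180 from the thread, abridged: the 192.168.0.4 entries mirror these.
ACL_180 = """
access-list 180 permit ahp any host xxx.xxx.xxx.210
access-list 180 permit esp any host xxx.xxx.xxx.210
access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
access-list 180 permit tcp any host 192.168.0.2 eq 139
access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
access-list 180 deny   ip any any log
"""
PORTS = {"isakmp": 500, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}
RULE = re.compile(r"access-list \d+ (permit|deny)\s+(\S+) (any|host \S+) (any|host \S+)(?: eq (\S+))?")

def parse(text):
    """Return (action, proto, src, dst, port) tuples in configured order."""
    return [(a, p, s, d, int(PORTS.get(port, port)) if port else None)
            for a, p, s, d, port in RULE.findall(text)]

def addr_ok(spec, addr):
    return spec == "any" or spec == "host " + addr

def first_match(rules, proto, src, dst, dport=None):
    """Top-down evaluation, first match wins, implicit deny at the end."""
    for action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto) and addr_ok(rsrc, src)
                and addr_ok(rdst, dst) and rport in (None, dport)):
            return action
    return "deny"

def flow_allowed(rules, client_public, router, inner):
    # ASSUMPTION: the inbound interface ACL runs twice, first on the ESP
    # packet as it arrives, then on the inner packet after decryption.
    proto, src, dst, dport = inner
    outer = first_match(rules, "esp", client_public, router)
    return outer == "permit" and first_match(rules, proto, src, dst, dport) == "permit"

ROUTER = "xxx.xxx.xxx.210"      # masked exactly as in the thread
CLIENT_PUBLIC = "198.51.100.7"  # constructed sample address
CLIENT_INNER = "10.10.10.5"     # constructed address used inside the tunnel
SMB = ("tcp", CLIENT_INNER, "192.168.0.2", 139)

if __name__ == "__main__":
    full = parse(ACL_180)
    ipsec_only = [r for r in full if r[1] in ("ahp", "esp", "ip") or r[4] == 500]
    print("full ACL 180:      ", flow_allowed(full, CLIENT_PUBLIC, ROUTER, SMB))
    print("IPsec entries only:", flow_allowed(ipsec_only, CLIENT_PUBLIC, ROUTER, SMB))
```

With only the AH/ESP/ISAKMP entries the tunnel packet is accepted, but the decrypted session to 192.168.0.2 falls through to the final deny, which matches what the original poster observed.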