alirezasooni

  1. Hi everybody, I have configured my Cisco 2911 as a PPTP server, and my clients connect without any problem, but they can't access my LAN. When I look at the route print output on my Windows machine, there is no default route for the VPN tunnel. I have used this configuration on another router and I can see the route. Here is my router configuration:

     Router configuration:

     Current configuration : 8038 bytes
     !
     ! Last configuration change at 10:30:16 UTC Sun May 18 2014 by etickr
     ! NVRAM config last updated at 10:20:16 UTC Sun May 18 2014 by etickr
     ! NVRAM config last updated at 10:20:16 UTC Sun May 18 2014 by etickr
     version 15.1
     service timestamps debug datetime msec
     service timestamps log datetime msec
     no service password-encryption
     !
     hostname etick_edge
     !
     boot-start-marker
     boot-end-marker
     !
     !
     logging buffered 51200 warnings
     enable secret 4 nH4GhP.nqSkUTxuTQ7zHRXJezQoQ598XBK3LPOzQp3A
     !
     no aaa new-model
     !
     no ipv6 cef
     ip source-route
     ip cef
     !
     !
     !
     !
     !
     no ip domain lookup
     ip domain name yourdomain.com
     multilink bundle-name authenticated
     !
     vpdn enable
     !
     vpdn-group 1
      ! Default PPTP VPDN group
      accept-dialin
       protocol pptp
       virtual-template 1
      l2tp tunnel timeout no-session 15
     !
     !
     !
     !
     !
     !
     !
     interface Embedded-Service-Engine0/0
      no ip address
      shutdown
     !
     interface GigabitEthernet0/0
      description local network
      ip address 10.0.0.1 255.255.255.252
      ip nat inside
      ip virtual-reassembly in
      ip policy route-map PBR
      duplex auto
      speed auto
     !
     interface GigabitEthernet0/1
      ip address 46.x.x.x 255.255.255.224
      ip mtu 1200
      ip nat outside
      ip virtual-reassembly in
      duplex auto
      speed auto
     !
     interface GigabitEthernet0/2
      description shatel
      ip address 192.168.130.22 255.255.255.0
      ip mtu 1200
      ip nat outside
      ip virtual-reassembly in
      duplex auto
      speed auto
     !
     interface Virtual-Template1
      ip unnumbered GigabitEthernet0/1
      ip nat inside
      ip virtual-reassembly in
      peer default ip address pool tvm
      ppp authentication pap chap ms-chap
     !
     ip local pool tvm 192.168.3.20 192.168.3.30
     ip forward-protocol nd
     !
     ip http server
     ip http access-class 23
     ip http authentication local
     ip http secure-server
     ip http timeout-policy idle 60 life 86400 requests 10000
     !
     ip nat inside source route-map ISP-RESPINA interface GigabitEthernet0/1 overload
     ip nat inside source route-map ISP-SHATEL interface GigabitEthernet0/2 overload
     ip route 0.0.0.0 0.0.0.0 46.209.221.65
     ip route 0.0.0.0 0.0.0.0 192.168.130.1
     ip route 10.0.1.0 255.255.255.252 10.0.0.2
     ip route 192.168.0.0 255.255.255.0 10.0.0.2
     ip route 192.168.2.0 255.255.255.0 10.0.0.2
     ip route 192.168.110.0 255.255.255.0 10.0.0.2
     !
     ip access-list extended respina
      permit ip any any
      permit icmp any any
     ip access-list extended shatel
      permit ip host 192.168.0.161 any
      permit ip host 192.168.0.132 any
      permit ip host 192.168.0.75 any
      permit ip host 192.168.0.153 any
      permit ip host 192.168.0.160 any
      permit ip host 192.168.0.164 any
      permit ip host 192.168.0.39 any
      permit ip host 192.168.0.47 any
      permit ip host 192.168.0.187 any
      permit ip host 192.168.0.76 any
     ip access-list extended test
     !
     access-list 1 permit 192.168.0.0 0.0.0.255
     access-list 1 permit 192.168.110.0 0.0.0.255
     access-list 1 permit 192.168.3.0 0.0.0.255
     access-list 23 permit 10.10.10.0 0.0.0.7
     access-list 46 permit 46.209.221.66
     access-list 110 permit ip host 192.168.110.10 any
     !
     route-map ISP-RESPINA permit 10
      match ip address 1
      match interface GigabitEthernet0/1
     !
     route-map PBR permit 10
      match ip address shatel
      set ip next-hop 192.168.130.1
     !
     route-map PBR permit 30
      match ip address respina
      set ip next-hop 46.209.221.65
     !
     route-map ISP-SHATEL permit 10
      match ip address 1
      match interface GigabitEthernet0/2
     !
     !
     !
     control-plane
     !
     !
     !
     line con 0
      login local
     line aux 0
     line 2
      no activation-character
      no exec
      transport preferred none
      transport input all
      transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
      stopbits 1
     line vty 0 4
      privilege level 15
      login local
      transport input telnet ssh
     line vty 5 15
      privilege level 15
      login local
      transport input telnet ssh
     !
     scheduler allocate 20000 1000
     end
  2. Hi everybody, I want to set up a VPN server on a Cisco 2911 router. How can I define users that can only connect through a VPN connection to my router? I want these users to be unable to telnet or SSH to my router.