Oi… this is complicated for me.
I’m trying to set up an IPsec VPN on a Cisco 2900 series router. I set it up previously using MS IAS for RADIUS authentication/authorization and using local group authentication, as described in this post.
Now, I connect to the router with my VPN client OK but I can’t communicate with the remote LAN (Router-side inside network) for some reason… I don’t even see the ACLs incrementing for the ACL specified in the VPN configuration!
Through googling, I found this information:
! Doesn't work:
ip nat inside source route-map nonat interface Serial0 overload
ip nat inside source list 1 interface Serial0 overload
So, I incorporated that and also split tunneling, and now have this:
!NEW
ip nat inside source list 101 interface GigabitEthernet0/0 overload
!OLD
!ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 101 deny ip 10.0.0.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 100
interface GigabitEthernet0/0
 !OLD
 !ip policy route-map nonat
If I run show access-list, I do not see access-list 100 incrementing!
Why is this happening? =(
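The following is an added example, not code from the original post, that models how IOS walks a numbered ACL top-down with first-match semantics, and how an ACL referenced by `ip nat inside source list` is interpreted (a `deny` entry means "do not translate", a `permit` entry means "translate"). It parses the access-list lines quoted in the post and runs three constructed flows through them. Assumptions: 172.16.1.0/24 is the VPN client pool (the post's `deny` line implies this but never says so), the flows and the `SAMPLE_CONFIG` string are constructed for illustration, and the parser handles only the `ip`, `any`, `host` and address/wildcard forms that appear on the page.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.IPv4Network("0.0.0.0/0")

@dataclass
class AclEntry:
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    hits: int = 0                 # what "show access-list" would display as matches

def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Convert an IOS address/wildcard pair (0 bits must match) to a network."""
    netmask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(netmask))), strict=False)

def parse_addr(tokens):
    """Consume one address specification ('any', 'host X', or 'X wildcard')."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]

def parse_acls(config: str) -> dict:
    """Collect 'access-list N ...' lines into per-number entry lists (comments skipped)."""
    acls = {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("!") or not line.startswith("access-list "):
            continue
        tokens = line.split()
        number, action = int(tokens[1]), tokens[2]
        if 1 <= number <= 99:                 # standard ACL: source address only
            src, _ = parse_addr(tokens[3:])
            dst = ANY
        else:                                 # extended ACL: protocol, source, destination
            src, rest = parse_addr(tokens[4:])
            dst, _ = parse_addr(rest)
        acls.setdefault(number, []).append(AclEntry(action, src, dst))
    return acls

def evaluate(entries, src_ip: str, dst_ip: str) -> str:
    """First matching entry wins and gets a hit; no match is the implicit deny (not counted)."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for e in entries:
        if s in e.src and d in e.dst:
            e.hits += 1
            return e.action
    return "deny"

def nat_decisions(acls: dict, nat_list: int, flows):
    """For each (src, dst) flow: True if the NAT ACL permits it, i.e. it would be translated.
    A list number that is never defined has no entries, so nothing can ever increment."""
    entries = acls.get(nat_list, [])
    return [(s, d, evaluate(entries, s, d) == "permit") for s, d in flows]

def hit_counts(acls: dict, number: int):
    return [e.hits for e in acls.get(number, [])]

# Constructed copy of the access-list lines from the post. Note that the route-map's
# "match ip address 100" refers to a list that is never defined anywhere in it.
SAMPLE_CONFIG = """
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 101 deny ip 10.0.0.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
"""

# Constructed flows: LAN reply to a VPN client, LAN host to the internet, VPN client to LAN.
FLOWS = [
    ("10.0.0.5", "172.16.1.10"),
    ("10.0.0.5", "192.0.2.1"),
    ("172.16.1.10", "10.0.0.5"),
]

if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONFIG)
    for src, dst, translated in nat_decisions(acls, 101, FLOWS):
        print(f"{src} -> {dst}: {'translated' if translated else 'NOT translated'}")
    for n in (1, 100, 101):
        print(f"access-list {n} hits: {hit_counts(acls, n) or 'list not defined'}")
```

Running it shows the LAN-to-VPN-pool reply hitting the `deny` entry of list 101 (left untranslated, which is what the VPN needs), the LAN-to-internet flow hitting the `permit` entry (translated), and lists 1 and 100 never incrementing: list 1 is no longer referenced by the active `ip nat inside source` statement, and list 100 has no entries at all because it is only named by the route-map and never defined.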