Hello,
I have a site to site vpn. Here is the layout:
Internal
|
Cisco 1841
|
T1
|
Symantec Router
|
Branch Office
The VPN link establishes very well; I can ping the server in the branch
office, however I can't access the file shares on the branch server. I
know I have access, so I am wondering if there is something I am
missing?
Posted below is my configuration:
Using 6453 out of 196600 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PMCGateway
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 51200 errors
logging console critical
enable secret 5 ...
enable password 7 ...
!
aaa new-model
!
!
aaa authentication login local_auth local
aaa authentication login china local
aaa authorization network china local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip tcp synwait-time 10
ip tcp intercept connection-timeout 3600
ip tcp intercept watch-timeout 15
ip tcp intercept max-incomplete low 450
ip tcp intercept max-incomplete high 550
ip tcp intercept drop-mode random
!
!
no ip bootp server
no ip domain lookup
ip domain name sbspmc.local
ip name-server x.x.x.5
ip name-server x.x.x.2
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall ftp
ip inspect name firewall pptp
ip inspect name firewall smtp
ip inspect name firewall http
ip inspect name firewall isakmp
ip inspect name firewall dns
ip inspect name firewall icmp
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ips name sdm_ips_rule
login block-for 10 attempts 10 within 10
!
!
!
username ...
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 500
crypto isakmp key ************** address 207.x.x.3
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to202.x.x.3
set peer 202.x.x.3
set transform-set ESP-3DES-SHA
match address 102
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$
ip address x.x.x.1 255.255.224.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat inside
ip virtual-reassembly
ip route-cache flow
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
interface Serial0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation frame-relay IETF
ip route-cache flow
no ip mroute-cache
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
description $FW_OUTSIDE$
bandwidth 1536
ip address 207.x.x.89 255.255.248.0
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect firewall in
ip inspect firewall out
ip ips sdm_ips_rule in
ip ips sdm_ips_rule out
ip virtual-reassembly
no cdp enable
frame-relay interface-dlci 16
crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 207.x.x.1
!
!
ip http server
ip http access-class 2
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Serial0/0/0.1 overload
ip nat inside source static tcp x.x.x.3 80 interface Serial0/0/0.1 80
ip nat inside source static tcp x.x.x.3 20 interface Serial0/0/0.1 20
ip nat inside source static tcp x.x.x.3 21 interface Serial0/0/0.1 21
ip nat inside source static tcp x.x.x.9 1723 interface Serial0/0/0.1 1723
ip nat inside source static tcp x.x.x.4 3389 interface Serial0/0/0.1 3389
ip nat inside source static tcp x.x.x.13 25 interface Serial0/0/0.1 25
ip nat inside source static tcp x.x.x.3 110 interface Serial0/0/0.1 110
!
!
logging trap debugging
logging facility local2
logging 172.16.32.5
access-list 1 remark SDM_ACL Category=16
access-list 1 permit x.x.x.0 0.0.31.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit x.x.x.0 0.0.31.255
access-list 2 deny any
access-list 100 permit udp any any eq bootpc
access-list 101 permit tcp any host x.x.x.89 eq www
access-list 101 permit tcp any host x.x.x.89 eq ftp
access-list 101 permit tcp any host x.x.x.89 eq ftp-data
access-list 101 permit tcp any host x.x.x.89 eq pop3
access-list 101 permit tcp any host x.x.x.89 eq smtp
access-list 101 permit tcp any host x.x.x.89 eq 3389
access-list 101 permit tcp any host x.x.x.89 eq domain
access-list 101 permit tcp any host x.x.x.89 eq echo
access-list 101 permit udp any host x.x.x.89 eq domain
access-list 101 permit udp any host x.x.x.89 eq isakmp
access-list 101 permit icmp any host x.x.x.89 echo
access-list 101 permit icmp any host x.x.x.89 echo-reply
access-list 101 permit tcp any host x.x.x.89 eq 1723
access-list 101 permit gre any host x.x.x.89
access-list 101 permit udp any host x.x.x.89 eq non500-isakmp
access-list 101 permit ahp any host x.x.x.89
access-list 101 permit esp any host x.x.x.89
access-list 101 permit tcp any host x.x.x.89 range 20481 20485
access-list 101 permit udp any host x.x.x.89 eq 1804
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
access-list 103 permit ip x.x.x.0 0.0.31.255 any
access-list 105 remark VTY Access-class list
access-list 105 remark SDM_ACL Category=1
access-list 105 permit ip x.x.x.0 0.0.31.255 any
access-list 105 deny ip any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
route-map SDM_RMAP_1 permit 1
match ip address 103
!
!
!
!
control-plane
!
!
banner login ^C Welcome^C
banner motd ^CWelcome^C
!
line con 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output none
line vty 0 4
access-class 105 in
privilege level 15
password 7 ...
login authentication local_auth
transport input telnet
!
scheduler allocate 20000 1000
end
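As an added example (not code from the original post), here is a small Python checker for the one interaction in this config that most often silently breaks traffic through a site-to-site tunnel: the crypto map's `match address` ACL (102) versus the NAT route-map's ACL (103), where every flow the tunnel should carry must hit a `deny` in the NAT ACL before any `permit`, otherwise it is translated before encryption and never matches the IPsec selector. The config excerpt is constructed from the relevant lines of the posted config with the masked addresses left as posted, and the comparison of network/wildcard pairs is textual (an assumption that keeps it short; it does not expand wildcard masks).

```python
import re
# Constructed excerpt modelled on the posted config (addresses left masked as in the post).
CONFIG = """\
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 202.x.x.3
 match address 102
ip nat inside source route-map SDM_RMAP_1 interface Serial0/0/0.1 overload
access-list 102 permit ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
access-list 103 deny ip x.x.x.0 0.0.31.255 x.x.x.0 0.0.31.255
access-list 103 permit ip x.x.x.0 0.0.31.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 103
"""
# "access-list N permit|deny ip SRC WILD DST WILD" (or "any"); remark lines do not match.
ACE = re.compile(r"^access-list (\d+) (permit|deny) ip (any|\S+ \S+) (any|\S+ \S+)$")

def parse_acls(cfg):
    """Return {acl_number: [(action, src, dst), ...]} in configured order."""
    acls = {}
    for line in cfg.splitlines():
        m = ACE.match(line.strip())
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2, 3, 4))
    return acls

def nat_acls(cfg):
    """ACL numbers matched by the route-map(s) that 'ip nat inside source' uses."""
    nums = []
    for name in re.findall(r"^ip nat inside source route-map (\S+)", cfg, re.M):
        body = re.search(rf"^route-map {re.escape(name)} permit \d+\n((?:[ \t].*\n?)*)", cfg, re.M)
        if body:
            nums += re.findall(r"match ip address (\d+)", body.group(1))
    return nums

def first_match(aces, src, dst):
    """Action of the first ACE covering the flow (textual compare; wildcard masks not expanded)."""
    for action, s, d in aces:
        if s in (src, "any") and d in (dst, "any"):
            return action
    return None

def check_nat_exemption(cfg):
    """Flows selected by the crypto ACL must hit 'deny' in the NAT ACL before any 'permit';
    otherwise they are translated before encryption and never match the tunnel."""
    acls, problems = parse_acls(cfg), []
    for cnum in re.findall(r"^\s*match address (\d+)", cfg, re.M):
        for action, src, dst in acls.get(cnum, []):
            if action == "permit" and not any(
                    first_match(acls.get(n, []), src, dst) == "deny" for n in nat_acls(cfg)):
                problems.append(f"ACL {cnum}: {src} -> {dst} is NATed before encryption")
    return problems
```

For the posted config the check returns no problems, which is consistent with ping already crossing the tunnel; the same function flags the common mistake of a missing or mis-ordered `deny` in the NAT ACL on any route-map based NAT exemption.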