Question : Cisco 2600 VPN

I set up my Cisco 2600 and a VPN server. Clients can connect and establish a connection, but when I am in the router I cannot ping them, and when they ping the internal network (for example, from a client running VPN Client 5, typing ping 10.10.10.1, the router itself), the reply comes back with the WAN IP address. The config is posted below. Any ideas? This router is a Cisco 2611 and cannot run SDM.



User Access Verification

Username:
Password:

McBride#show runn
Building configuration...

Current configuration : 2801 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname McBride
!
boot-start-marker
boot system flash
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$Zddz$4MleWceM/GVipuPDcdT8H1
enable password ******
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network groupaithor local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip name-server 71.252.0.12
!
ip dhcp pool Default
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 71.252.0.12
   default-router 10.10.10.1
   lease 4
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username dcoulson privilege 15 password 0 *****
!
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group cpnclient
 key pilsner
 dns 10.10.10.1
 wins 10.10.10.1
 domain MCB.com
 pool VPN
 acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0/0
 description WAN INTERFACE
 ip address 151.201.xxx.xxx 255.255.255.0
 ip nat outside
 ip nbar protocol-discovery
 no ip mroute-cache
 full-duplex
 no cdp enable
 crypto map clientmap
!
interface Ethernet0/1
 description LAN INTERFACE
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 full-duplex
 no cdp enable
!
ip local pool VPN 192.168.1.1 192.168.1.254
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list 111 interface Ethernet0/1 overload
ip nat inside source static tcp 10.10.10.9 5800 interface Ethernet0/0 5800
ip nat inside source static tcp 10.10.10.9 5900 interface Ethernet0/0 5900
ip nat inside source static udp 10.10.10.251 7000 interface Ethernet0/0 7000
ip nat inside source static tcp 10.10.10.251 7000 interface Ethernet0/0 7000
no ip http server
ip http authentication local
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 151.201.141.1
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 remark NAT for internet traffic only
access-list 111 deny   ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
snmp-server community public RO
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 privilege level 15
 password ******
!
!
end

McBride#

Answer : Cisco 2600 VPN

Access-list 111 is fine. The problem is that your NAT statement is not using 111 but rather access-list 1.

conf t
no ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list 111 interface Ethernet0/0 overload
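
An added example, not part of the original answer: a small Python check that reads the NAT and ACL lines from the question's config and reports which overload statements would translate traffic from a LAN host to a VPN pool address, before and after the change above. The host addresses passed in are sample values, and the parser assumes ACL entries use only the `any` and `address wildcard` forms seen in this config.

```python
import ipaddress
import re

# Constructed sample: the NAT and ACL lines copied from the question's config.
CONFIG = """\
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list 111 interface Ethernet0/1 overload
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 111 remark NAT for internet traffic only
access-list 111 deny   ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip 10.10.10.0 0.0.0.255 any
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_acls(config):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\d+) (permit|deny)\s+(.+)", line.strip())
        if not m:
            continue  # remarks and everything that is not an ACL entry
        num, words = int(m.group(1)), m.group(3).split()
        if num >= 100:
            words = words[1:]  # extended ACL: drop the protocol keyword ("ip")
        nets = []
        while words:
            take = 1 if words[0] == "any" else 2  # "any" or "address wildcard"
            # ipaddress accepts the host-mask (wildcard) form after the slash
            nets.append(ANY if take == 1 else ipaddress.ip_network("/".join(words[:2])))
            words = words[take:]
        # a standard ACL has no destination, so it matches every destination
        dst = nets[1] if len(nets) > 1 else ANY
        acls.setdefault(num, []).append((m.group(2), nets[0], dst))
    return acls

def acl_action(entries, src, dst):
    """First matching entry wins; no match is the implicit deny."""
    for action, src_net, dst_net in entries:
        if ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net:
            return action
    return "deny"

def nat_hits(config, lan_host, vpn_host):
    """NAT overload statements whose ACL would translate lan_host -> vpn_host."""
    acls = parse_acls(config)
    rule = re.compile(r"^ip nat inside source list (\d+) interface (\S+) overload", re.M)
    return [(int(n), ifc) for n, ifc in rule.findall(config)
            if acl_action(acls.get(int(n), []), lan_host, vpn_host) == "permit"]

FIXED = CONFIG.replace("list 1 interface", "list 111 interface")  # the answer's change
```

Calling `nat_hits(CONFIG, "10.10.10.9", "192.168.1.5")` lists the statement bound to access-list 1, while the same call on `FIXED` returns an empty list because the deny entry in access-list 111 matches first.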