Cisco 877 / Cisco easy VPN and bridged - layer 3 dsl connection

Unanswered Question
Feb 12th, 2007


I have some strange VPN issues with an 877 router. The router is configured as a bridge, as the DSL connection is a layer 3 connection where the ISP has provided an IP address (no PPPoE login etc. as such). The router is set up and operational; the config is simply 3 port redirections (SMTP, POP3 and RDP) to the inside network and NAT from the inside to the outside. The issue I have is that the VPN client connects and the tunnel comes up. You can ping anything on the network and DNS works from the Windows 2K server. You can connect via SSH and log in, but then the connection is terminated! I can telnet to port 22 and get the SSH header. I cannot connect to any other port on the Windows server or FreeBSD box, i.e. SMTP, RDP or POP3.

The VPN connection is as per the Cisco doco on setting up a simple server/client config using local username/password authentication. The VPN client is 4.8 and IOS is 12.4 IP security (I think, from memory).

The bvi1 interface is the outside and also has the crypto bound to it as well. No ACLs on the bvi1 interface, but I have tried a two-line ACL which allowed access from the VPN network followed by an ip any any rule.

I have not got the config in operation but will post it as soon as I get it. Has anyone seen a similar issue before? If so, please send me some pointers.



Kamal Malhotra Mon, 02/12/2007 - 17:21

Hi Adrian,

It seems that you need to bypass the NAT engine. If you could send me the running config of the router, I can send you the commands you need.



adrianeurell Wed, 02/14/2007 - 04:15


Here is an audited copy of the config attached to this message.

From the VPN client I can ping the Windows/VPN server but cannot telnet to any ports on the servers (except for some reason TCP 22).

I'm now really stumped as I have not seen this happen before, but that said, this is the first bridged connection; all of the others have been PPPoE routed connections.

Any ideas?


