Cisco 877 IOS IPSec Tunnel and Cisco VPN Client Problem on same dialer int

Unanswered Question
Mar 12th, 2007

We have a customer who has 3 sites. Two sites have a Cisco 877-SEC-K9 and the other site has a Draytek 2800. All three sites have full-meshed VPNs. The sites that have Cisco routers are configured to use a GRE VPN tunnel whereas when connecting to the Draytek router site, an IOS IPSEC tunnel has been configured. These VPNs are all working.

However, recently the client has requested to have remote access into one of the sites that have a Cisco 877. Therefore we decided to implement Cisco VPN client configuration onto the router. Once the configuration was uploaded, the GRE tunnels continued to be active whereas the IOS IPsec tunnels to the Draytek were showing as DOWN-NEGOTIATING. Once the Cisco VPN client configuration was removed, these VPNs became active again.

I have attached the configurations both before and after adding the Cisco VPN client commands on the Cisco 877-SEC-K9 router.

I would be grateful for any feedback on what might be going wrong!!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kamal Malhotra Mon, 03/12/2007 - 08:53

Hi Inder,

A couple of things.

1. Did you remove the crypto map from the Dialer1 interface and put it back after making the changes?

2. Are the VPN clients able to connect to the router?

3. Did you capture any debugs and what do they say?

If you did not remove the crypto map and put it back as mentioned in point 1, please do it and see if solves the problem. Please answer to points 2 and 3 as well for proceeding further.


*Please rate if it helps,



inderpalsogi Tue, 03/13/2007 - 02:03


Thank you very much for your assistance. I removed the crypto map from dialer 1 and then re-applied. This resolved the issue to a certain extent.

However, for further testing I reloaded the Cisco router and once booted up it would not re-initaite the VPN tunnel to the Drayek. It said DOWN-NEGOTIATING. I had to do the above again to have the VPN active again.

Any ideas as to why to this is happening? I am slightly concerned that if the cisco router was rebooted, the VPN tunnel has to be re-initialised by removing and re-applyinng the crypto map to the dialer 1 interface.


This Discussion