Cisco VPN Client with etoken Aladdin

Unanswered Question
Jun 15th, 2007

My network is this

<<<192.168.251.1------192.168.50.2>>>---wan---<<<192.168.50.1 -----192.168.190.1>>>------pc with cisco VPN Client and IP 192.168.190.2

I want to connect to router 192.168.50.2 over my router with the VPN Client to net 192.168.251.1 and permit only IPSec traffic. I have an Aladdin eToken with a certificate on the VPN Client.

My router config is

ip dhcp excluded-address 192.168.190.1
!
ip dhcp pool LAN-pool
 import all
 network 192.168.190.0 255.255.255.0
 default-router 192.168.190.1
 lease 0 2
!
interface FastEthernet0
 description $WAN$
 ip address 192.168.50.1 255.255.255.0
 duplex auto
 speed auto
 ip access-group Tunnel1 in
!
interface Vlan1
 description $OFFICE-LAN$
 ip address 192.168.190.1 255.255.255.0
 ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 192.168.50.2
!
ip access-list extended Tunnel1
 permit esp host 192.168.50.2 host 192.168.50.1
 permit udp host 192.168.50.2 any eq isakmp
 permit icmp any any

and it does not work with this access list. When I insert this row in access-list Tunnel1

permit udp host 192.168.50.2 any

it is OK.

I think it is for the eToken, but I don't know which UDP port to use.

Can you help me? Thanks.

shomar Tue, 06/19/2007 - 21:16

Hi vaba,

I think this is to permit ISAKMP and NAT-T to pass, not the eToken.

Try opening UDP 500 and UDP 4500 on the access list and give it a try.

Kind regards,

Shadi
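What the suggestion in the reply above changes, as an added example that is not part of the original thread: a minimal first-match evaluator for the posted Tunnel1 list, run over constructed return packets from 192.168.50.2. The packet values, the client destination address and the port 62000 are assumptions made for illustration.

```python
from collections import namedtuple

# None in a Rule field means "any"; dport is the destination port
# (in IOS, "eq" written after the destination address).
Rule = namedtuple("Rule", "proto src dst dport")
Packet = namedtuple("Packet", "proto src dst dport")

PEER, WAN = "192.168.50.2", "192.168.50.1"
CLIENT = "192.168.190.2"  # assumed destination of the return traffic

# ACL Tunnel1 exactly as posted in the question.
TUNNEL1 = [
    Rule("esp", PEER, WAN, None),    # permit esp host 192.168.50.2 host 192.168.50.1
    Rule("udp", PEER, None, 500),    # permit udp host 192.168.50.2 any eq isakmp
    Rule("icmp", None, None, None),  # permit icmp any any
]
# Reply's suggestion: also permit UDP 4500 (IOS keyword non500-isakmp).
WITH_NATT = TUNNEL1[:2] + [Rule("udp", PEER, None, 4500)] + TUNNEL1[2:]
# Poster's workaround: permit udp host 192.168.50.2 any
ANY_UDP = TUNNEL1[:2] + [Rule("udp", PEER, None, None)] + TUNNEL1[2:]

def matches(rule, pkt):
    """True when every non-wildcard field of the rule equals the packet's."""
    return (rule.proto == pkt.proto
            and rule.src in (None, pkt.src)
            and rule.dst in (None, pkt.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for index, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return "permit", index
    return "deny", None

# Constructed packets arriving on FastEthernet0 from the VPN peer.
IKE = Packet("udp", PEER, CLIENT, 500)      # ISAKMP
NATT = Packet("udp", PEER, CLIENT, 4500)    # NAT-T
OTHER = Packet("udp", PEER, CLIENT, 62000)  # unrelated UDP, arbitrary port

if __name__ == "__main__":
    for name, acl in (("posted", TUNNEL1), ("with 4500", WITH_NATT), ("any udp", ANY_UDP)):
        for pkt in (IKE, NATT, OTHER):
            print(f"{name:10} udp/{pkt.dport:<5} -> {evaluate(acl, pkt)}")
```

With UDP 4500 added, the list still drops other UDP from the peer, which the broad `permit udp host 192.168.50.2 any` entry does not.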
