Cisco VPN Client with etoken Aladdin

Unanswered Question
Jun 15th, 2007

My network is this


<<<192.168.251.1------192.168.50.2>>>---wan---<<<192.168.50.1 -----192.168.190.1>>>------pc with cisco VPN Client and IP 192.168.190.2


I want to connect to Router 192.168.50.2 over my router with the VPN Client to net 192.168.251.1 and permit only IPSec traffic. I have an Etoken Aladdin with a certificate on the VPN Client.


My router config is


ip dhcp excluded-address 192.168.190.1
!
ip dhcp pool LAN-pool
 import all
 network 192.168.190.0 255.255.255.0
 default-router 192.168.190.1
 lease 0 2

interface FastEthernet0
 description $WAN$
 ip address 192.168.50.1 255.255.255.0
 duplex auto
 speed auto
 ip access-group Tunnel1 in

interface Vlan1
 description $OFFICE-LAN$
 ip address 192.168.190.1 255.255.255.0
 ip tcp adjust-mss 1452

ip route 0.0.0.0 0.0.0.0 192.168.50.2

ip access-list extended Tunnel1
 permit esp host 192.168.50.2 host 192.168.50.1
 permit udp host 192.168.50.2 any eq isakmp
 permit icmp any any



It does not work with this access-list. When I insert this rule in access-list Tunnel1

 permit udp host 192.168.50.2 any

it is OK.

I think it is for the Etoken, but I don't know which UDP port it uses.

Can you help me? Thanks.



vaba Mon, 06/18/2007 - 23:08

Can anyone help me with this?

shomar Tue, 06/19/2007 - 21:16

Hi vaba,


I think this is to permit ISAKMP and NAT-T to pass, not etoken.


Try opening udp 500 and udp 4500 on the access list and give it a try.


Kind regards,

Shadi
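
The following is an added example, not part of the original thread: a small Python model that walks the quoted Tunnel1 ACL first-match, comparing the original list, the poster's any-UDP workaround, and a narrower variant with only UDP 4500 added as the reply suggests. The packets, the assumption that tunnel traffic arrives with destination port 4500, and the names `evaluate`, `report`, `TUNNEL1_ANY_UDP` and `TUNNEL1_NAT_T` are constructed for illustration.

```python
# Added example: first-match walk through the Tunnel1 ACL quoted in the thread.
ISAKMP, NAT_T = 500, 4500   # UDP ports for IKE and IPsec NAT traversal
PEER = "192.168.50.2"       # remote router, from the post

# Entry = (protocol, source, destination, destination port); None means "any".
TUNNEL1 = [
    ("esp", PEER, "192.168.50.1", None),
    ("udp", PEER, None, ISAKMP),
    ("icmp", None, None, None),
]
# The poster's workaround: every UDP port from the peer.
TUNNEL1_ANY_UDP = TUNNEL1 + [("udp", PEER, None, None)]
# Narrower variant following the reply (hypothetical name): add only UDP 4500.
TUNNEL1_NAT_T = TUNNEL1 + [("udp", PEER, None, NAT_T)]

# Constructed inbound packets on FastEthernet0: (protocol, src, dst, dst port).
PACKETS = {
    "ike_reply": ("udp", PEER, "192.168.190.2", ISAKMP),
    "nat_t_esp": ("udp", PEER, "192.168.190.2", NAT_T),
    "other_udp": ("udp", PEER, "192.168.190.2", 161),
}

def evaluate(acl, proto, src, dst, dport):
    """Return the 1-based number of the first matching permit, 0 for implicit deny."""
    for number, (p, s, d, port) in enumerate(acl, 1):
        if p == proto and s in (None, src) and d in (None, dst) and port in (None, dport):
            return number
    return 0

def report(acl):
    """Map each constructed packet name to the ACL line that permits it (0 = dropped)."""
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in [("original", TUNNEL1), ("any udp", TUNNEL1_ANY_UDP),
                       ("udp 4500", TUNNEL1_NAT_T)]:
        print(label, report(acl))
```

Under these assumptions the UDP 4500 entry passes the encapsulated tunnel packet while unrelated UDP from the peer still hits the implicit deny, which the any-UDP workaround does not.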
