06-15-2007 12:26 AM
My network is this
<<<192.168.251.1------192.168.50.2>>>---wan---<<<192.168.50.1 -----192.168.190.1>>>------pc with cisco VPN Client and IP 192.168.190.2
I want to connect to router 192.168.50.2 through my router with the VPN Client to the 192.168.251.1 network and permit only IPSec traffic. I have an Aladdin eToken with a certificate on the VPN Client.
My router config is:
ip dhcp excluded-address 192.168.190.1
!
ip dhcp pool LAN-pool
import all
network 192.168.190.0 255.255.255.0
default-router 192.168.190.1
lease 0 2
interface FastEthernet0
description $WAN$
ip address 192.168.50.1 255.255.255.0
duplex auto
speed auto
ip access-group Tunnel1 in
interface Vlan1
description $OFFICE-LAN$
ip address 192.168.190.1 255.255.255.0
ip tcp adjust-mss 1452
ip route 0.0.0.0 0.0.0.0 192.168.50.2
ip access-list extended Tunnel1
permit esp host 192.168.50.2 host 192.168.50.1
permit udp host 192.168.50.2 any eq isakmp
permit icmp any any
and it does not work with this access-list. When I insert the rule
permit udp host 192.168.50.2 any
in access-list Tunnel1, it is OK.
I think this is because of the eToken, but I don't know which UDP port it uses.
Can you help me? Thanks.
06-18-2007 11:08 PM
Is anyone able to help me with this?
06-19-2007 09:16 PM
Hi vaba,
I think this is to permit ISAKMP and NAT-T to pass, not the eToken.
Try opening udp 500 and udp 4500 on the access list and give it a try.
Kind regards,
Shadi
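To see why the original Tunnel1 list drops the tunnel while the broad "permit udp host 192.168.50.2 any" rule makes it work, here is a small added ACL simulator (not code from the thread) that walks constructed inbound packets through the three variants: the original list, the list with Shadi's udp 4500 (NAT-T) entry, and the broad rule. It assumes a first-match-wins list with IOS's implicit deny at the end, and that the VPN peer's return traffic arrives as UDP 4500 because the client sits behind NAT.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Packet(NamedTuple):
    proto: str                 # "esp", "udp", "icmp", "tcp"
    src: str
    dst: str
    dport: Optional[int] = None


class Ace(NamedTuple):
    proto: str
    src: str                   # "any" or a CIDR; host x.x.x.x is x.x.x.x/32
    dst: str
    dport: Optional[int] = None  # None means any destination port


def _addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def _ace_match(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto == pkt.proto
            and _addr_match(ace.src, pkt.src)
            and _addr_match(ace.dst, pkt.dst)
            and (ace.dport is None or ace.dport == pkt.dport))


def permitted(acl: List[Ace], pkt: Packet) -> bool:
    """First matching entry wins; no match falls through to the implicit deny."""
    return any(_ace_match(ace, pkt) for ace in acl)


# The extended list exactly as posted: ESP, ISAKMP (udp 500) and ICMP only.
ORIGINAL_ACL = [
    Ace("esp", "192.168.50.2/32", "192.168.50.1/32"),
    Ace("udp", "192.168.50.2/32", "any", 500),
    Ace("icmp", "any", "any"),
]
# Shadi's suggestion: additionally let NAT-T (udp 4500) through.
NATT_ACL = ORIGINAL_ACL + [Ace("udp", "192.168.50.2/32", "any", 4500)]
# The poster's workaround: every UDP port from the peer.
BROAD_ACL = ORIGINAL_ACL + [Ace("udp", "192.168.50.2/32", "any")]

# Constructed sample packets arriving inbound on FastEthernet0 from the peer.
ISAKMP_PKT = Packet("udp", "192.168.50.2", "192.168.50.1", 500)
NATT_PKT = Packet("udp", "192.168.50.2", "192.168.50.1", 4500)   # ESP-in-UDP after NAT
DNS_PKT = Packet("udp", "192.168.50.2", "192.168.50.1", 53)      # unrelated UDP
```

The NAT-T packet is the one that only passes once udp 4500 is listed, while the broad rule also admits unrelated UDP such as the sample port 53 packet, which the narrower list still denies.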