
Cisco VPN Client with etoken Aladdin

vaba
Level 1

My network is this:

<<<192.168.251.1------192.168.50.2>>>---wan---<<<192.168.50.1 -----192.168.190.1>>>------pc with cisco VPN Client and IP 192.168.190.2

I want to connect to router 192.168.50.2 through my router with the VPN Client to net 192.168.251.1 and permit only IPsec traffic. I have an eToken Aladdin with a certificate on the VPN Client.

My router config is:

ip dhcp excluded-address 192.168.190.1
!
ip dhcp pool LAN-pool
 import all
 network 192.168.190.0 255.255.255.0
 default-router 192.168.190.1
 lease 0 2
interface FastEthernet0
 description $WAN$
 ip address 192.168.50.1 255.255.255.0
 duplex auto
 speed auto
 ip access-group Tunnel1 in
interface Vlan1
 description $OFFICE-LAN$
 ip address 192.168.190.1 255.255.255.0
 ip tcp adjust-mss 1452
ip route 0.0.0.0 0.0.0.0 192.168.50.2
ip access-list extended Tunnel1
 permit esp host 192.168.50.2 host 192.168.50.1
 permit udp host 192.168.50.2 any eq isakmp
 permit icmp any any

It does not work with this access list. When I insert this row in access-list Tunnel1:

permit udp host 192.168.50.2 any

it is OK.

I think it is for the eToken, but I don't know which UDP port to use.

Can you help me? Thanks.

2 Replies

vaba
Level 1

Can anyone help me with this?

shomar
Level 1

Hi vaba,

I think this is to permit ISAKMP and NAT-T to pass, not eToken.

Try opening UDP 500 and UDP 4500 on the access list and give it a try.

Kind regards,

Shadi
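
A check of the reply's suggestion against the posted ACL, as an added example that is not part of the original thread: a small Python evaluator (first match wins, implicit deny at the end) for the ACL forms used here. The sample packets are constructed, and it assumes NAT-T traffic arrives with destination port UDP 4500; `parse_ace`, `evaluate` and `verdicts` are hypothetical helper names.

```python
# Added example: first-match evaluator for the IOS extended-ACL subset in this thread.
PORTS = {"isakmp": 500, "non500-isakmp": 4500}  # IOS keywords for UDP 500 / 4500

def parse_ace(line):
    """Parse 'permit|deny <proto> <src> [eq p] <dst> [eq p]' (host X / any only)."""
    tok = line.split()
    def endpoint(i):
        if tok[i] == "host":
            addr, i = tok[i + 1], i + 2
        elif tok[i] == "any":
            addr, i = None, i + 1
        else:
            raise ValueError(f"unsupported address form: {tok[i]}")
        port = None
        if i < len(tok) and tok[i] == "eq":
            port = PORTS[tok[i + 1]] if tok[i + 1] in PORTS else int(tok[i + 1])
            i += 2
        return addr, port, i
    src, sport, i = endpoint(2)
    dst, dport, i = endpoint(i)
    return {"action": tok[0], "proto": tok[1], "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def evaluate(acl, pkt):
    """Return the first matching entry's action; every IOS ACL ends with an implicit deny."""
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if all(ace[k] is None or ace[k] == pkt.get(k) for k in ("src", "sport", "dst", "dport")):
            return ace["action"]
    return "deny"

ORIGINAL = ["permit esp host 192.168.50.2 host 192.168.50.1",
            "permit udp host 192.168.50.2 any eq isakmp",
            "permit icmp any any"]
BROAD = ORIGINAL + ["permit udp host 192.168.50.2 any"]  # the workaround from the question
SUGGESTED = ORIGINAL + ["permit udp host 192.168.50.2 any eq non500-isakmp"]  # the reply's UDP 4500

# Constructed inbound packets on FastEthernet0 (ports are assumptions, not captures).
IKE = {"proto": "udp", "src": "192.168.50.2", "sport": 500, "dst": "192.168.190.2", "dport": 500}
NAT_T = {"proto": "udp", "src": "192.168.50.2", "sport": 4500, "dst": "192.168.190.2", "dport": 4500}
OTHER = {"proto": "udp", "src": "192.168.50.2", "sport": 40000, "dst": "192.168.190.2", "dport": 161}

def verdicts(pkt):
    """Evaluate one packet against all three ACL variants."""
    return {name: evaluate(acl, pkt) for name, acl in
            (("original", ORIGINAL), ("broad", BROAD), ("suggested", SUGGESTED))}

if __name__ == "__main__":
    for label, pkt in (("IKE udp/500", IKE), ("NAT-T udp/4500", NAT_T), ("other udp/161", OTHER)):
        print(label, verdicts(pkt))
```

The broad `permit udp host 192.168.50.2 any` entry also admits unrelated UDP from that host, which the port-specific entry does not.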
