Cisco 831 - Easy VPN Server

Answered Question
Jan 21st, 2008
User Badges:

Hello,


I am trying to create an easy VPN server on the Cisco 831. When I "test" the Easy VPN it says that it tested successfully, but when I attempt to VPN into the router from the Windows XP built in VPN client, I am unable to connect.


Does someone have recommendations for how to configure the Easy VPN? I basically just selected all of the default options. I have not been able to find any tutorials in the online Cisco docs.


Do I need to have the Cisco VPN client to connect to the Cisco router?


Any other thoughts?

Correct Answer by ajagadee about 9 years 1 month ago

Your pool of IP Addresses that you are trying to assign to the remote users is part of your LAN, which is not the best way to assign ip address to the VPN Clients and I have seen a lot of issues in the past were the router will not route the packets back to the client. So, you may want to change the POOL to something other than your LAN. Ex. 192.168.1.0/24.


Also, make sure that you re-configure your ACL 102 accordingly.


Once you make the changes, try connecting again and let me know how it goes.


Regards,

Arul


** Please rate all helpful posts **

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
ajagadee Mon, 01/21/2008 - 19:26
User Badges:
  • Cisco Employee,

In order to use the Microsoft Client, you need to configure the router to accept PPTP Connections. Please refer the below URL for details.


http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml


BTW, you should be able to download the VPN Client software and test the connection as well. Please let me know if it helps.


Regards,

Arul


** Please rate if it helps **

mekkaman19 Mon, 01/21/2008 - 19:30
User Badges:

Thanks, I will give that a shot.


The Cisco website is giving me a 403 when I attempt to download the VPN client. Do I have to pay for this? Do you have a direct link where I can access it?


Also, do you have any other configuration advice on the Easy VPN server? or any docs?

ajagadee Mon, 01/21/2008 - 19:42
User Badges:
  • Cisco Employee,

My understanding is, you should have a smartnet contract or equivalent contract and Cisco User ID to download the VPN Client.


Regards,

Arul

mekkaman19 Thu, 01/24/2008 - 07:46
User Badges:

I was successfully able to setup my VPN and connect with the Cisco VPN client.


When connected, I can only ping the router 10.10.10.1 and no other devices. I can not remote desktop to any devices either. Is this a firewall/routing issue?


Thanks again!

ajagadee Mon, 01/28/2008 - 13:13
User Badges:
  • Cisco Employee,

Can you post the copy of the current configuration along with "show cry is sa" and "show crypto ipsec sa" outputs.


Thanks,

Arul


** Please rate all helpful posts **

Correct Answer
ajagadee Mon, 01/28/2008 - 21:17
User Badges:
  • Cisco Employee,

Your pool of IP Addresses that you are trying to assign to the remote users is part of your LAN, which is not the best way to assign ip address to the VPN Clients and I have seen a lot of issues in the past were the router will not route the packets back to the client. So, you may want to change the POOL to something other than your LAN. Ex. 192.168.1.0/24.


Also, make sure that you re-configure your ACL 102 accordingly.


Once you make the changes, try connecting again and let me know how it goes.


Regards,

Arul


** Please rate all helpful posts **

mekkaman19 Tue, 02/12/2008 - 14:00
User Badges:

I had two more additional questions:


Is there a setting to push down my internal DNS server so that I can resolve the local Windows XP computer names when I dns them? This is already taking place on the computers on the LAN through DHCP.


Also, is there a way to make the router properly route my internet traffic so that I can view the internet while connected via VPN?


Thanks again!

Actions

This Discussion