871W DVTI connection to CVPN 3005

Unanswered Question
May 6th, 2008
User Badges:

I have an 871W running 12.4(15)T5 that I'm trying to connect to a Cisco VPN 3005 concentrator using DVTI.


When I use "traditional" EzVPN, things work as expected, but the moment I add the "virtual-interface" statement (and the tunnel comes back up), I can no longer pass traffic to the far end.


Is this an incompatibility between the CVPN 3005 and DVTI? a bug? or is this a misconfig on my part (extra NAT config, perhaps)?


Any help is appreciated.


Ben


relevant configs:

crypto ipsec client ezvpn VPN-TS

connect auto

group VSU key password

mode client

peer 1.2.3.4

virtual-interface 2 <-- this config works when I remove this statement

username homeuser password password

xauth userid mode local


interface Virtual-Template2 type tunnel

no ip address

ip nat outside

ip virtual-reassembly

tunnel mode ipsec ipv4


interface FastEthernet4

description $FW_OUTSIDE$$ES_WAN$

ip address dhcp

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

crypto ipsec client ezvpn VPN-TS


interface BVI20

description $ES_LAN$$FW_INSIDE$

ip address 172.23.69.22 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

crypto ipsec client ezvpn VPN-TS inside

!

ip nat inside source list 100 interface FastEthernet4 overload


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion