Cisco 871W eZVPN is unable to connect Cisco PIX vpn server

Unanswered Question
Jun 1st, 2008

crypto ipsec client ezvpn TEST

connect auto

group Cisco key cisco123

mode client

peer 172.1.1.1

xauth userid mode interfactive



interface FastEthernet4

ip address 10.1.1.1 255.255.255.0

ip access-group 101 in

ip nat outside

crypto ipsec client ezvpn TEST


Internet Vlan1

ip address 192.168.1.1 255.255.255.0

ip access-group 100 out

ip nat inside

crypto ipsec client ezvpn TEST inside


ip route 0.0.0.0. 0.0.0.0 192.168.1.254


ip nat inside source route-map EzVPN1 interface FastEthernet4 overload


access-list 100 permit ip any any

access-list 101 permit ip any any

access-list 103 permit ip 192.168.1.0 0.0.0.255 any


route-map EzVPN1 permit 1

match ip address 103



These are the following commands I applied in my Router, It is able to connect but unable to access any other servers. The same user name & password I tried with the VPN dialer it works on my Laptop. Anything I am missing on the router configuration. The VPN server is Cisco PIX 515E.


Cisco IOS on 871W is 12.3(8)Y12

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Fri, 06/06/2008 - 18:43

1) Isn't your default route supposed to be pointing towards the external interface?


ip route 0.0.0.0. 0.0.0.0 192.168.1.254 ?


2) Can you change the 'mode client' to 'mode network-extension'. Also the PIX will need 'nem enable'.


Have a look at the following (I'm assuming you already have as your config seems to be similar):


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml



For old 6.x code on PIX, have a look at:


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml


Regards


Farrukh



Anand Narayana Sun, 06/22/2008 - 05:36

Farrukh,

Thanks for responding, there wass BUG in the IOS which was installed on this device, after upgrading to the latest it started working.

Actions

This Discussion