Cisco 871W eZVPN is unable to connect Cisco PIX vpn server

Anand Narayana · ‎06-01-2008

crypto ipsec client ezvpn TEST

connect auto

group Cisco key cisco123

mode client

peer 172.1.1.1

xauth userid mode interfactive

interface FastEthernet4

ip address 10.1.1.1 255.255.255.0

ip access-group 101 in

ip nat outside

crypto ipsec client ezvpn TEST

Internet Vlan1

ip address 192.168.1.1 255.255.255.0

ip access-group 100 out

ip nat inside

crypto ipsec client ezvpn TEST inside

ip route 0.0.0.0. 0.0.0.0 192.168.1.254

ip nat inside source route-map EzVPN1 interface FastEthernet4 overload

access-list 100 permit ip any any

access-list 101 permit ip any any

access-list 103 permit ip 192.168.1.0 0.0.0.255 any

route-map EzVPN1 permit 1

match ip address 103

These are the following commands I applied in my Router, It is able to connect but unable to access any other servers. The same user name & password I tried with the VPN dialer it works on my Laptop. Anything I am missing on the router configuration. The VPN server is Cisco PIX 515E.

Cisco IOS on 871W is 12.3(8)Y12

Farrukh Haroon · ‎06-06-2008

1) Isn't your default route supposed to be pointing towards the external interface?

ip route 0.0.0.0. 0.0.0.0 192.168.1.254 ?

2) Can you change the 'mode client' to 'mode network-extension'. Also the PIX will need 'nem enable'.

Have a look at the following (I'm assuming you already have as your config seems to be similar):

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

For old 6.x code on PIX, have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml

Regards

Farrukh

Anand Narayana · ‎06-22-2008

Farrukh,

Thanks for responding, there wass BUG in the IOS which was installed on this device, after upgrading to the latest it started working.