
Site to Site IPSEC VTI + VPN Client on a stick

jazzlim2004
Level 1

Hi,

I currently have a working site-to-site IPsec VTI with a zone-based firewall.

Now I would like to configure the router to allow a remote VPN client (on a stick) to access the network behind the router (see attached diagram).

Can the experts take a look at my configuration and advise me on the problem?

Thank you


jazzlim2004
Level 1

Hi,

Can anyone help?

Hi Kim,

The config for the VPN part seems alright. But, there seems to be no zone-pair for Inside-Ezclient and vice versa and also for Outside-Ezclient and vice versa.

Please create zone-pairs for those as well and allow/deny necessary traffic. For Outside-Ezclient and vice versa, you will need to allow ESP and UDP 4500 as well. For Inside-Ezclient and vice versa, if you want the VPN clients to be able to access anything, a "permit ip any any" would do.

Let me know if it works.

Regards,

Prapanch
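
The zone-pairs this reply describes, sketched as Cisco IOS zone-based firewall configuration. This is an added example, not taken from the poster's attached configuration: the zone names Inside, Outside and Ezclient follow the reply, while the ACL, class-map, policy-map and zone-pair names are assumptions. ESP is given the `pass` action in both directions because the firewall's `inspect` action does not track it.

```cisco
! Added example. The ACL, class-map, policy-map and zone-pair names are
! hypothetical; the zones Inside, Outside and Ezclient come from the thread
! and are assumed to exist already with their interfaces assigned.
!
! Inside <-> Ezclient: "permit ip any any", statefully inspected.
! Narrow this ACL if the VPN clients should not reach everything.
ip access-list extended EZ-INSIDE-ACL
 permit ip any any
class-map type inspect match-any EZ-INSIDE-CMAP
 match access-group name EZ-INSIDE-ACL
policy-map type inspect EZ-INSIDE-PMAP
 class type inspect EZ-INSIDE-CMAP
  inspect
 class class-default
  drop
!
! Outside <-> Ezclient: ESP and UDP 4500 (NAT-T), passed without state,
! so the same policy is applied to both directions.
ip access-list extended EZ-OUTSIDE-ACL
 permit esp any any
 permit udp any any eq non500-isakmp
 permit udp any eq non500-isakmp any
class-map type inspect match-any EZ-OUTSIDE-CMAP
 match access-group name EZ-OUTSIDE-ACL
policy-map type inspect EZ-OUTSIDE-PMAP
 class type inspect EZ-OUTSIDE-CMAP
  pass
 class class-default
  drop
!
zone-pair security INSIDE-TO-EZ source Inside destination Ezclient
 service-policy type inspect EZ-INSIDE-PMAP
zone-pair security EZ-TO-INSIDE source Ezclient destination Inside
 service-policy type inspect EZ-INSIDE-PMAP
zone-pair security OUTSIDE-TO-EZ source Outside destination Ezclient
 service-policy type inspect EZ-OUTSIDE-PMAP
zone-pair security EZ-TO-OUTSIDE source Ezclient destination Outside
 service-policy type inspect EZ-OUTSIDE-PMAP
```

`show zone-pair security` lists the pairs and their attached policies, and `show policy-map type inspect zone-pair` shows the per-class counters, which tell you whether traffic is hitting the intended class or falling through to `class-default`.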

Hi,

I amended it as you advised but still have the same error below. What may be the problem?

Cisco Systems VPN Client Version 5.0.00.0340
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3

11     10:14:53.187  09/14/10  Sev=Warning/2    IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)

12     10:14:53.187  09/14/10  Sev=Warning/3    IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0x00000000)

Thank you
