IPSec Clients Behind 831 No Longer Connect When IPSec VPN Server is Enabled

Unanswered Question
Dec 28th, 2005

When I enable the crypto map on the outside/untrusted interface, my IPSec client behind the 831 on the trusted network no longer can connect. I'm using a dynamic crypto map for the vpn server to allow any remote peer to connect. I'm not using any ACL in my crypto map definition.

jackko Wed, 12/28/2005 - 15:25

the issue sounds like the router (after enabling the crypto map) was attempting to decrypt the packet itself rather than forward the encrypted packet to the host behind the router.


not too sure what you are referring to with "not using any acl in my crypto map definition".


please post the entire config with public ip masked.

jackko Fri, 12/30/2005 - 04:33

the posted config has xxx.yyy.xxx all the way. i believe there shouldn't be any drama to leave the private subnet as it is, and mask only the public ip.



jackko Mon, 01/02/2006 - 17:41

the first thing is to modify the vpn client pool. the pool should never overlap with the internal subnet scheme.
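
An added example, not part of the thread: one way to check a saved IOS configuration for the pool overlap described in the last reply. The sample config, pool names and addresses are constructed, since the poster's config is not shown here; the check compares each `ip local pool` range against every statically addressed interface subnet.

```python
import ipaddress
import re

# Constructed sample config (not the poster's; all names/addresses are placeholders).
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 192.168.1.200 192.168.1.210
ip local pool SAFEPOOL 10.99.0.1 10.99.0.50
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1
 ip address 203.0.113.2 255.255.255.252
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# "ip local pool NAME low [high]" -- the high address is optional.
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}(?: {IP})?", re.M)
# Indented "ip address ADDR MASK" lines under an interface stanza.
ADDR_RE = re.compile(rf"^[ \t]+ip address {IP} {IP}", re.M)


def interface_networks(config):
    """Subnets of all statically addressed interfaces in the config text."""
    return [
        ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        for addr, mask in ADDR_RE.findall(config)
    ]


def pool_overlaps(config):
    """Return (pool_name, subnet) for every pool range that intersects a subnet."""
    nets = interface_networks(config)
    hits = []
    for name, first, last in POOL_RE.findall(config):
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last or first)  # single-address pool
        for net in nets:
            # Two ranges intersect when each starts before the other ends.
            if lo <= net.broadcast_address and hi >= net.network_address:
                hits.append((name, str(net)))
    return hits


if __name__ == "__main__":
    for name, net in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {name} overlaps interface subnet {net}")
```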
