I'm trying to get a VPN connection working, and for now, it's impossible. The situation is that I have a 2821 with two GbEth interfaces, one inside and the other outside. But the outside is not a real "outside". It is a connection to our provider's router, which has one FastEth on our side and one Serial on theirs. The connection with us uses private addresses, as well as all the path between them and the remote side, in our DataCenter. This is the topology:
There is a PAT with a public address we have configured at the 2821 external interface, translating the 192.168.0.x to this public address. We need a VPN connection to our office for some homework, so I decided to make use of the EasyVPN Server included in the 2821 and the Cisco VPN Client.
Well, if I try to make the VPN using the 2821 external interface as the crypto interface, I cannot point the VPN client to the private address configured there, so I tried the public PAT'ed one. All I've got is this series of log messages:
Received malformed message or negotiation no longer active (message id: 0x00000000)
So, I supposed that the problem is trying to connect to an IP that doesn't belong to a physical interface, and I changed the topology, virtually: I made a GRE tunnel between the two remote sites, to avoid the part we are not in control of, using the PAT IP as the address for the Tunnel interface. This is the new schema:
PAT is now between the tunnel interface and the inside private addresses. I changed the VPN to reflect this, and... no luck. At least I now get the xAuth login window, but the secure channel never comes up. This is the VPN client log with the infamous NO_PROPOSAL_CHOSEN: