12-18-2007 03:21 PM - edited 02-21-2020 03:26 PM
I stumbled upon a new issue with a newer VPN technology. I have attached a current configuration of my Cisco 871W Router. Here's my dilemma:
I set up my VPN server configuration in the router using the Virtual-Template interface which maps to my VPN Loopback interface (Loopback1). This is the so-called "Enhanced VPN" which no longer maps a crypto policy to the WAN interface. I can successfully connect to the VPN via Cisco VPN Client software v5.0. It passes all stages of IKE, creates the IPSec tunnel and assigns me a specified IP Address from a local pool (172.23.5.210 - 172.23.5.214). The problem...is that once I have established an IPSec tunnel, I can pass NO traffic. I can't even ping the default gateway (172.23.5.209 - Loopback1). I CAN ping the router WAN interface however...FastEthernet4 (which is assigned via DHCP by Comcast). I've tried everything I can think of, but still can't pass any traffic. The debug logs have told me nothing because the tunnel established successfully.
Oh...and on another note, my SSL VPN works just fine. I can establish a full tunnel and pass traffic, telnet, RDP, etc. I just can't do it with a software client installed on a WinXP_SP2 platform.
I think I may have narrowed it down to either NAT or an ACL, but I'm even doubtful of that.
Oh...for reference, I'm running Advanced IP Services 12.4(15)T IOS.
Can anyone help me?
Thanks!!!!
12-26-2007 10:20 AM
Mostly the issue happens to be with Crypto map and access-list. Ensure that the corresponding application ports are opened. Refer URL http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#verif for more information.
12-26-2007 02:08 PM
I played with the ACL's and NAT and nothing changed. I removed my 'ip nat inside' command from my Loopback1 interface. SSLVPN still works fine. I'm about ready to give up.
02-07-2008 10:55 AM
I don't know if it was the version of VPN client (5.0.00.39) or some sort of firewall (Norton 360), but I tried on a different computer with the most up-to-date client (5.0.02.90) and it works just fine. I tried on the other computer again and traffic doesn't pass at all. So it's a computer error...not a config error!!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: