
No traffic passing through established IPSec tunnel

jpodolanko
Level 1

I stumbled upon a new issue with a newer VPN technology. I have attached a current configuration of my Cisco 871W Router. Here's my dilemma:

I set up my VPN server configuration in the router using the Virtual-Template interface which maps to my VPN Loopback interface (Loopback1). This is the so-called "Enhanced VPN" which no longer maps a crypto policy to the WAN interface. I can successfully connect to the VPN via Cisco VPN Client software v5.0. It passes all stages of IKE, creates the IPSec tunnel and assigns me a specified IP Address from a local pool (172.23.5.210 - 172.23.5.214). The problem...is that once I have established an IPSec tunnel, I can pass NO traffic. I can't even ping the default gateway (172.23.5.209 - Loopback1). I CAN ping the router WAN interface however...FastEthernet4 (which is assigned via DHCP by Comcast). I've tried everything I can think of, but still can't pass any traffic. The debug logs have told me nothing because the tunnel established successfully.

Oh...and on another note, my SSL VPN works just fine. I can establish a full tunnel and pass traffic, telnet, RDP, etc. I just can't do it with a software client installed on a WinXP_SP2 platform.

I think I may have narrowed it down to either NAT or an ACL, but I'm even doubtful of that.

Oh...for reference, I'm running Advanced IP Services 12.4(15)T IOS.

Can anyone help me?

Thanks!!!!

3 Replies

irisrios
Level 6

Mostly the issue happens to be with the crypto map and access-list. Ensure that the corresponding application ports are opened. Refer to http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#verif for more information.

I played with the ACLs and NAT and nothing changed. I removed my 'ip nat inside' command from my Loopback1 interface. SSLVPN still works fine. I'm about ready to give up.

I don't know if it was the version of VPN client (5.0.00.39) or some sort of firewall (Norton 360), but I tried on a different computer with the most up-to-date client (5.0.02.90) and it works just fine. I tried on the other computer again and traffic doesn't pass at all. So it's a computer error...not a config error!!!
