
Usage of "External" VPN3000 Interface

berndtonn
Level 1

Hello,

Because we have to change our currently used (old) IP address on the "Public" interface (move to a different address range), we planned to do a smooth migration by configuring the third, "External" VPN 3000 interface (of course as "Public") with the new IP address. That new IP address can be pinged, but it is not possible to connect to it using VPN. The "Live Event Log" shows absolutely no activity. Are there any known issues with the External interface (Version 3.6.3), or is it impossible for that to work?

Thank you very much in advance!

4 Replies

engel
Level 2

That should be possible. Have you checked what rules are applied to the "External" interface filter? To be able to terminate a VPN client connection, the following three rules are a must:

1. ISAKMP In

2. ISAKMP Out

3. IPSec ESP

Let me know what you find.

Regards,

Engel

Hello,

I have the same filter as on the Public Interface: "2. Public (Default)". Of course IKE and ESP are permitted. What am I doing wrong?

Thank you very much in advance.

jbertone
Level 1

You need to be careful when using the third interface. Even though you can configure the interface to be public, it does not have all the functionality of the public interface. I had this problem using a TCP connection on the external interface. After two days of researching the problem, there was a small blurb on the Cisco site on this. This interface does not support TCP connections. It refuses the connection and will not log the results. Good luck.

John B

We are able to terminate IPSec over UDP clients to the External interface. By default, the External won't receive IPSec/UDP (or I believe IPSec/TCP) connections, but the workaround is simple: just create rules (Inbound and Outbound) to accept UDP 10000 (or TCP 10000 for that matter).

HTH,

Engel