Cisco Support Community

New Member

Usage of "External" VPN3000 Interface

Hello,

Because we have to change our currently used (old) IP address on the "Public" interface (move to a different address range), we planned to do a smooth migration by configuring the third, "External" VPN 3000 interface (of course as "Public") with the new IP address. That new IP address can be pinged, but it is not possible to connect to it using VPN. The "Live Event Log" shows absolutely no activity. Are there any known issues with the External interface (Version 3.6.3), or is it impossible for that to work?

Thank you very much in advance!

4 REPLIES
New Member

Re: Usage of "External" VPN3000 Interface

That should be possible. Have you checked what rules are applied to the "External" interface filter? To be able to terminate a VPN client connection, the following three rules are a must:

1. ISAKMP In

2. ISAKMP Out

3. IPSec ESP

Let me know what you find.

Regards,

Engel

New Member

Re: Usage of "External" VPN3000 Interface

Hello,

I have the same filter as on the Public Interface: "2. Public (Default)". Of course IKE and ESP are permitted. What am I doing wrong?

Thank you very much in advance.

New Member

Re: Usage of "External" VPN3000 Interface

You need to be careful when using the third interface. Even though you can configure the interface to be public, it does not have all the functionality of the public interface. I had this problem using a TCP connection on the external interface. After two days of researching the problem, there was a small blurb on the Cisco site on this. This interface does not support TCP connections. It refuses the connection and will not log the results. Good luck.

John B

New Member

Re: Usage of "External" VPN3000 Interface

We are able to terminate IPSec over UDP clients to the External interface. By default, the External won't receive IPSec/UDP (or, I believe, IPSec/TCP) connections, but the workaround is simple: just create rules (Inbound and Outbound) to accept UDP 10000 (or TCP 10000, for that matter).

HTH,

Engel
