vpn client connects to cisco2611

informaticaul · ‎04-17-2006

Hello:

I have a problem with my connection.

A vpn client 4.0 connect to the cisco 2611 router, but can´t pass traffic.How can i debug it? How can i resolve it? Any ideas?

thank you.

m.sir · ‎04-17-2006

It could be nat traversal issue

try command on your 2611

router(config)crypto ipsec nat-transparency udp-encapsulation

M.

Hope that helps, rate if it does

informaticaul · ‎04-18-2006

Hello:

Here i show relevant configuration lines:

username cisco password cisco

aaa new-model

!

aaa authentication login default local

aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration group cisco

key cisco

pool ciscopool

acl 109

crypto ipsec security-association lifetime seconds 43200

!

crypto ipsec transform-set ciscoset esp-3des esp-sha-hmac

no crypto ipsec nat-transparency udp-encaps

!

crypto dynamic-map dynmap 10

set transform-set ciscoset

crypto map ciscomap client authentication list userauthen

crypto map ciscomap isakmp authorization list groupauthor

crypto map ciscomap client configuration address respond

crypto map ciscomap 10 ipsec-isakmp dynamic dynmap

interface ATM0.1 point-to-point

ip address 10.0.0.1 255.0.0.0

ip nat outside

ip virtual-reassembly

crypto map ciscomap

pvc 8/32

encapsulation aal5snap

ip local pool ciscopool 192.168.4.1 192.168.4.10

ip route 0.0.0.0 0.0.0.0 ATM0.1

!

ip nat inside source route-map nonat interface ATM0.1 overload

access-list 109 permit ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 110 deny ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 110 permit ip 192.168.13.0 0.0.0.255 any

!

route-map nonat permit 10

match ip address 110

the net diagram is below:

local lan(192.168.13.0)---(Router ADSL)---INET----(Cisco Vpn client)(pool 192.168.4.0)

thank you.