Cisco Support Community

New Member

vpn client connects to cisco2611

Hello:

I have a problem with my connection.

A VPN client 4.0 connects to the Cisco 2611 router, but can't pass traffic. How can I debug it? How can I resolve it? Any ideas?

Thank you.

2 REPLIES
Gold

Re: vpn client connects to cisco2611

It could be a NAT traversal issue.

Try this command on your 2611:

router(config)# crypto ipsec nat-transparency udp-encapsulation

M.

Hope that helps, rate if it does

New Member

Re: vpn client connects to cisco2611

Hello:

Here I show the relevant configuration lines:

username cisco password cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group cisco
 key cisco
 pool ciscopool
 acl 109
crypto ipsec security-association lifetime seconds 43200
!
crypto ipsec transform-set ciscoset esp-3des esp-sha-hmac
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map dynmap 10
 set transform-set ciscoset
crypto map ciscomap client authentication list userauthen
crypto map ciscomap isakmp authorization list groupauthor
crypto map ciscomap client configuration address respond
crypto map ciscomap 10 ipsec-isakmp dynamic dynmap
interface ATM0.1 point-to-point
 ip address 10.0.0.1 255.0.0.0
 ip nat outside
 ip virtual-reassembly
 crypto map ciscomap
 pvc 8/32
  encapsulation aal5snap
ip local pool ciscopool 192.168.4.1 192.168.4.10
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip nat inside source route-map nonat interface ATM0.1 overload
access-list 109 permit ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 110 deny ip 192.168.13.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 110 permit ip 192.168.13.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address 110

The net diagram is below:

local lan(192.168.13.0)---(Router ADSL)---INET----(Cisco Vpn client)(pool 192.168.4.0)

Thank you.
