Re: VPN Tunnel From VPN Client 3.5.x to 827 Problems

j-schroeder · ‎07-30-2002

Hi all,

I have configured the 827 to accept VPN connections from 3.5.x clients. The VPN tunnel establishes correctly, reverse route injection happens, and then I can ping any host on the inside subnet. I can browse the Microsoft network neighborhood and connect to servers, but if I try and telnet, ftp, or ssh to any inside servers, the connection always times out. I have done some packet sniffing, and it shows that the the pc with the vpn client keeps resetting the connection for ftp, telnet and ssh. Any ideas? Thanks.

edadios · ‎07-30-2002

Try adjusting your mtu on the client, and maybe there is also an mtu issue on the 827 side.

You can confirm this by testing various length pings and see where it fails.

Regards,

widgedm · ‎07-31-2002

Would you mind sharing a sanitized version of your IOS code for this? I'm trying to do something comparable for a Cisco 1720.

What IOS release are you using?

My biggest questions are regarding the AAA Auth functions. Which ref doc gave you the most info for this setup?

Have you resolved your current problem?

j-schroeder · ‎07-31-2002

Sure, email me at jschroeder@vermeermfg.com, I'll send a copy to you. I'll find the doc that I used and include a link to it in the email. I have not resolved my problem yet, but I am not sure if the pc is working correctly. From the packet sniffing, I can see that the packets are coming back to the pc and getting decrypted, but I don't know why it doesn't work. Still looking into it.

j-schroeder · ‎07-31-2002

The problem with telnet and ssh on the inside is due to static nat mappings on the outside interface. As soon as those were removed, all worked as it should.

edadios · ‎07-31-2002

Then you could have done policy routing so that you can still have the static nats, and the vpn working with it . It is something like this:

http://www.cisco.com/warp/public/707/static.html

Regards,