Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Tunnel From VPN Client 3.5.x to 827 Problems

Hi all,

I have configured the 827 to accept VPN connections from 3.5.x clients. The VPN tunnel establishes correctly, reverse route injection happens, and then I can ping any host on the inside subnet. I can browse the Microsoft network neighborhood and connect to servers, but if I try and telnet, ftp, or ssh to any inside servers, the connection always times out. I have done some packet sniffing, and it shows that the the pc with the vpn client keeps resetting the connection for ftp, telnet and ssh. Any ideas? Thanks.

5 REPLIES
Cisco Employee

Re: VPN Tunnel From VPN Client 3.5.x to 827 Problems

Try adjusting your mtu on the client, and maybe there is also an mtu issue on the 827 side.

You can confirm this by testing various length pings and see where it fails.

Regards,

New Member

Re: VPN Tunnel From VPN Client 3.5.x to 827 Problems

Would you mind sharing a sanitized version of your IOS code for this? I'm trying to do something comparable for a Cisco 1720.

What IOS release are you using?

My biggest questions are regarding the AAA Auth functions. Which ref doc gave you the most info for this setup?

Have you resolved your current problem?

New Member

Re: VPN Tunnel From VPN Client 3.5.x to 827 Problems

Sure, email me at jschroeder@vermeermfg.com, I'll send a copy to you. I'll find the doc that I used and include a link to it in the email. I have not resolved my problem yet, but I am not sure if the pc is working correctly. From the packet sniffing, I can see that the packets are coming back to the pc and getting decrypted, but I don't know why it doesn't work. Still looking into it.

New Member

Re: VPN Tunnel From VPN Client 3.5.x to 827 Problems

The problem with telnet and ssh on the inside is due to static nat mappings on the outside interface. As soon as those were removed, all worked as it should.

Cisco Employee

Re: VPN Tunnel From VPN Client 3.5.x to 827 Problems

Then you could have done policy routing so that you can still have the static nats, and the vpn working with it . It is something like this:

http://www.cisco.com/warp/public/707/static.html

Regards,

94
Views
0
Helpful
5
Replies
CreatePlease login to create content