
Cisco 1712 IPSec VPN connection stalls

Hi all,

I got stuck configuring a Cisco 1712 with a VPN tunnel.

Problem: after the two endpoints are connected (IPsec tunnel), I tried to do an FTP upload to the other side. As soon as 32kByte of data were transferred, the connection stalls or stops.

I don't know what could be debugged or configured to eliminate this problem.

Any help would be welcome.

Thanks.

Juergen

--- config ---

version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service dhcp
!
hostname vpn02
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
clock timezone MET-1 1
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
!
no ip cef
no ip domain lookup
no ip bootp server
ip ips po max-events 100
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
no ftp-server write-enable
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key <SOMEKEY> address <SOMEADDRESS>
crypto isakmp ccm
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map CMAP_1 1 ipsec-isakmp
 set peer <SOMEADDRESS>
 set transform-set ESP-3DES-SHA
 match address 100
!
!
!
interface Loopback0
 ip address <DSL-ADDRESS>
!
interface BRI0
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0
 no ip address
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
 traffic-shape rate 1984000 49600 49600 1000
 arp timeout 60
 no cdp enable
!
interface FastEthernet1
 description VLAN1 Interface
 no cdp enable
!
interface FastEthernet2
 no cdp enable
!
interface FastEthernet3
 no cdp enable
!
interface FastEthernet4
 no cdp enable
!
interface Vlan1
 ip address 10.10.1.5 255.255.0.0
!
interface Dialer1
 ip unnumbered Loopback0
 ip mtu 1492
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname <SOMEHOSTNAME>
 ppp chap password 0 <SOMEPASSWORD>
 ppp pap sent-username <SOMEHOSTNAME> password 0 <SOMEPASSWORD>
 crypto map CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
!
access-list 10 permit 10.10.0.0 0.0.255.255
access-list 100 permit ip 10.10.0.0 0.0.255.255 192.168.168.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.168.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
end

2 REPLIES

Re: Cisco 1712 IPSec VPN connection stalls

Hello Jurgen,

Hope you will find the following links helpful:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080093f1f.shtml

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087ae1.html

They describe common problems with tunnels and one of the proposed solutions might work for you.

Regards,

Leo


Re: Cisco 1712 IPSec VPN connection stalls

Hello Leo,

Thanks a lot for your links.

The DF bit override functionality does the trick.

Regards

Juergen
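
Added example (not part of the thread or of Cisco's documentation): a size check for the posted config showing which LAN packets still fit the 1492-byte Dialer1 MTU after ESP encapsulation, and how copying versus clearing the DF bit on the outer header changes what happens to the ones that do not. It assumes the esp-3des esp-sha-hmac transform set in tunnel mode without NAT-T; the function names and sample packets are constructed for the illustration, and `outcome` is a simplified model of the router's decision.

```python
"""ESP tunnel-mode size check for the transform set and MTU in the posted config."""

IP_HDR = 20          # outer IPv4 header added by tunnel mode
ESP_HDR = 8          # SPI + sequence number
ESP_TRAILER = 2      # pad-length + next-header bytes
# esp-3des: 8-byte block and IV; esp-sha-hmac: HMAC-SHA1 truncated to 12 bytes
BLOCK, IV, ICV = 8, 8, 12

def esp_size(inner_len):
    """Outer packet length after ESP tunnel-mode encapsulation of inner_len bytes."""
    ciphertext = (inner_len + ESP_TRAILER + BLOCK - 1) // BLOCK * BLOCK
    return IP_HDR + ESP_HDR + IV + ciphertext + ICV

def max_inner(link_mtu):
    """Largest inner packet whose ESP packet still fits link_mtu unfragmented."""
    room = link_mtu - (IP_HDR + ESP_HDR + IV + ICV)
    return (room // BLOCK) * BLOCK - ESP_TRAILER

def outcome(inner_len, inner_df, link_mtu, df_policy="copy"):
    """Simplified model (assumption) of the encrypting router's choice for one
    packet; df_policy mirrors the copy/clear/set choices of DF bit override."""
    outer_df = {"copy": inner_df, "clear": False, "set": True}[df_policy]
    if esp_size(inner_len) <= link_mtu:
        return "forward"
    return "drop, ICMP frag-needed" if outer_df else "fragment"

def report(link_mtu=1492):
    """Evaluate constructed sample packets under the copy and clear policies."""
    # Constructed samples: (inner length in bytes, DF bit set?)
    samples = [(64, True), (1438, True), (1439, True), (1500, True), (1500, False)]
    rows = []
    for length, df in samples:
        rows.append((length, df, esp_size(length),
                     outcome(length, df, link_mtu, "copy"),
                     outcome(length, df, link_mtu, "clear")))
    return rows

if __name__ == "__main__":
    print("max inner packet on ip mtu 1492:", max_inner(1492))
    for row in report():
        print("inner=%4d DF=%-5s esp=%4d copy: %-22s clear: %s" % row)
```

Under the copy policy a full-size 1500-byte packet with DF set is dropped and the transfer depends on the ICMP message reaching the sender; under the clear policy the same packet is fragmented and delivered.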
