Solved: Re: Route-map and NAT order

selkerleadtn · ‎08-04-2006

I am attempting to provision a Cisco 851 with 12.4(4)T3 using SDM. I do alright until I add and Easy VPN Server.

At that time when the route-maps are added and the tool generates the route-maps associated with the dynamic and static NAT's in place things go south.

The network is small with one MS Server that runs File & Print along with Exchange. There is also a machine with SFTP server loaded on it.

I am hoping someone can assist me with the ACL's I have added part of the configuration

TIA

m-haddad · ‎08-05-2006

What error did u get on the VPN Client? Are you sure you always get the same IP and subnet on your Dialer?

Regards,

View solution in original post

m-haddad · ‎08-04-2006

Many errors in the config. (Mainly in ACLs)

Below you can find a corrected one.

Let me know if this works,

selkerleadtn · ‎08-04-2006

Thanks I will I will have some questions after I test this

Most of this was generated with the SDM tool but it is obvious I made some wrong entries TIA

m-haddad · ‎08-04-2006

Usually I don't use any graphical interface for configuring and even troubleshooting Cisco. ASDM is a good tool but it does't really let you what is going in the background of the config. However, do command line config helps you really understand what is going on and also to do some enhancements such as route summarization etc...

selkerleadtn · ‎08-05-2006

I used to work for a company that had 28 CCIE's

All of them CLI users.....I understand.

selkerleadtn · ‎08-05-2006

I put the router in place and observed the following

sent email via gmail recieved email - success

Did not test SFTP server

Was not able to connect via the VPN client

Had to pull router and put PIX 501 back in place

m-haddad · ‎08-05-2006

What error did u get on the VPN Client? Are you sure you always get the same IP and subnet on your Dialer?

Regards,

selkerleadtn · ‎08-05-2006

Mohamad

The number was 412 I do not remember the exact wording sorry something like connection cancelled/closed by client

The IP is a static handed out by AT&T/SBC....

m-haddad · ‎08-05-2006

Hello,

When I sent you the config the KEY under the vpn client configuration was empty. I don't know if you uploaded the config directly without setting the KEY on the config.

Make sure in the config and on the vpn client the group key is correct!

Let me know the progress,

Regards,

selkerleadtn · ‎08-07-2006

Mohamad

I will try the configuration this evening Monday EDT

Thomas

selkerleadtn · ‎08-07-2006

Mohamad

The problem was with trying to use RADIUS The config was missing some config lines I changed it to authenticate locally and was able to establish connection

Thank you for assistance

m-haddad · ‎08-07-2006

Hello Thomas,

Glad to know that things are working as you wish.

Regards,