Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

871W DVTI connection to CVPN 3005

I have an 871W running 12.4(15)T5 that I'm trying to connect to a Cisco VPN 3005 concentrator using DVTI.

When I use "traditional" EzVPN, things work as expected, but the moment I add the "virtual-interface" statement (and the tunnel comes back up), I can no longer pass traffic to the far end.

Is this an incompatibility between the CVPN 3005 and DVTI? a bug? or is this a misconfig on my part (extra NAT config, perhaps)?

Any help is appreciated.

Ben

relevant configs:

crypto ipsec client ezvpn VPN-TS

connect auto

group VSU key password

mode client

peer 1.2.3.4

virtual-interface 2 <-- this config works when I remove this statement

username homeuser password password

xauth userid mode local

interface Virtual-Template2 type tunnel

no ip address

ip nat outside

ip virtual-reassembly

tunnel mode ipsec ipv4

interface FastEthernet4

description $FW_OUTSIDE$$ES_WAN$

ip address dhcp

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

crypto ipsec client ezvpn VPN-TS

interface BVI20

description $ES_LAN$$FW_INSIDE$

ip address 172.23.69.22 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

crypto ipsec client ezvpn VPN-TS inside

!

ip nat inside source list 100 interface FastEthernet4 overload

105
Views
0
Helpful
0
Replies