12-28-2005 12:39 PM - edited 02-21-2020 02:10 PM
When I enable the crypto map on the outside/untrusted interface, my IPSec client behind the 831 on the trusted network no longer can connect. I'm using a dynamic crypto map for the vpn server to allow any remote peer to connect. I'm not using any ACL in my crypto map definition.
12-28-2005 03:25 PM
the issue sounds like the router (after the enabling the crypto map) was attempting to decrypt the packet itself rather than forward the encrypted packet to the host behind the router.
not too sure what you are referring to with "not using any acl in my crypto map definition".
please post the entire config with public ip masked.
12-28-2005 06:42 PM
12-30-2005 04:33 AM
the posted config has xxx.yyy.xxx all the way. i believe there shouldn't be any drama to leave the private subnet as it is, and mask only the public ip.
01-02-2006 05:34 PM
01-02-2006 05:41 PM
the first thing is to modify the vpn client pool. the pool should never overlap with the internal subnet scheme.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: