Re: IPSec Clients Behind 831 No Longer Connect When IPSec VPN Se

jamgraham · ‎12-28-2005

When I enable the crypto map on the outside/untrusted interface, my IPSec client behind the 831 on the trusted network no longer can connect. I'm using a dynamic crypto map for the vpn server to allow any remote peer to connect. I'm not using any ACL in my crypto map definition.

jackko · ‎12-28-2005

the issue sounds like the router (after the enabling the crypto map) was attempting to decrypt the packet itself rather than forward the encrypted packet to the host behind the router.

not too sure what you are referring to with "not using any acl in my crypto map definition".

please post the entire config with public ip masked.

jamgraham · ‎12-28-2005

see attachment.

jackko · ‎12-30-2005

the posted config has xxx.yyy.xxx all the way. i believe there shouldn't be any drama to leave the private subnet as it is, and mask only the public ip.

jamgraham · ‎01-02-2006

ok.

jackko · ‎01-02-2006

the first thing is to modify the vpn client pool. the pool should never overlap with the internal subnet scheme.

IPSec Clients Behind 831 No Longer Connect When IPSec VPN Server is Enabled