Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSec Clients Behind 831 No Longer Connect When IPSec VPN Server is Enabled

When I enable the crypto map on the outside/untrusted interface, my IPSec client behind the 831 on the trusted network no longer can connect. I'm using a dynamic crypto map for the vpn server to allow any remote peer to connect. I'm not using any ACL in my crypto map definition.

5 REPLIES
Gold

Re: IPSec Clients Behind 831 No Longer Connect When IPSec VPN Se

the issue sounds like the router (after the enabling the crypto map) was attempting to decrypt the packet itself rather than forward the encrypted packet to the host behind the router.

not too sure what you are referring to with "not using any acl in my crypto map definition".

please post the entire config with public ip masked.

Community Member

Re: IPSec Clients Behind 831 No Longer Connect When IPSec VPN Se

see attachment.

Gold

Re: IPSec Clients Behind 831 No Longer Connect When IPSec VPN Se

the posted config has xxx.yyy.xxx all the way. i believe there shouldn't be any drama to leave the private subnet as it is, and mask only the public ip.

Community Member

Re: IPSec Clients Behind 831 No Longer Connect When IPSec VPN Se

ok.

Gold

Re: IPSec Clients Behind 831 No Longer Connect When IPSec VPN Se

the first thing is to modify the vpn client pool. the pool should never overlap with the internal subnet scheme.

120
Views
0
Helpful
5
Replies
CreatePlease to create content