Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Movian VPN with 3015 Concentrator

We are having issues with our VPN concentrator routing the the IP address on Movian VPN PDA clients. The client authenticates and gets a IP address assigned. The client is unable to ping any IP address on the private network. We tested the movian client with Certicoms test Cisco Concentrator and it works fine. It must be a setting in our concentrator that I am missing or have incorrectly set. Has anyone else had this problem and how to fix it. Thank you,

4 REPLIES
New Member

Re: Movian VPN with 3015 Concentrator

Hi,

I'm doing some tests PDA VPN tests with the movian client connecting to a 3015 concentrator and am seeing the same problem as you describe. The VPN connection is succesful and the PDA is assigned an IP address and can ping hosts on the assigned IP endpoint subnet but cannot connect to any other internal subnets.

Seems to be more like a routing issue on the PDA than the VPN server, did you ever resolve your problem?

New Member

Re: Movian VPN with 3015 Concentrator

Yes, we had 2 issues.

1. Correct the Network Lists on the Concentrator to work with split tunneling.

2. Correct the ACL in the Pix firewall that was preventing IP packets over IPsec protocol. The ACL would allow handshake to take place and tunnel established but no encrypted packets through.

Hope this helps.

New Member

Re: Movian VPN with 3015 Concentrator

Could you please put the details of what was changed. We are having the same problem with our 3030. Is there something in the firewall extra that needs to be opened that the Cisco client doesn't need?

New Member

Re: Movian VPN with 3015 Concentrator

Try this doc - it helped me out

http://www.certicom.com/download/aid-54/mVPN_Cisco_Deployment_Guide.pdf

Also, I did not have to configure the Cisco concentrator for NAT-T.

I now have my i-mate PDA working through this ok, but it did take some toubleshooting.

155
Views
0
Helpful
4
Replies