Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Server Connectitivity through VPN

Dears

I am facing problem when my users connecting server farm through IPSEC VPN.Some one of them are connecting while someone cannot. The connected users also facing problem to connect the same server again.I am pasting the configuration below.Please provide me a solution

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

lifetime 7200

!

crypto isakmp policy 2

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group cisco

key 6 OQSPhFQ`iT_XbddbPA^E^dKN`Q^PGV\UaUdHAAB

dns 192.168.10.10 192.168.10.11

pool remote-vpn-clients

acl VPN_ACL

!

!

crypto ipsec transform-set cisco esp-3des esp-sha-hmac

!

crypto dynamic-map vpn-client 100

set transform-set vpn-client

reverse-route

!

!

crypto map test local-address Loopback1

crypto map test client authentication list authen

crypto map test isakmp authorization list author

crypto map test client configuration address respond

crypto map test 10 ipsec-isakmp dynamic vpn-client

!

!

!

ip access-list extended VPN_ACL

permit ip host 10.10.56.50 10.1.1.0 0.0.0.255

permit ip host 10.10.85.85 10.1.1.0 0.0.0.255

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Server Connectitivity through VPN

Hi, Ali Abdu

Please try the command below

crypto ipsec nat-transperancy udp-encaps under global mode. Then please let me know

Abdussamad

8 REPLIES

Re: Server Connectitivity through VPN

Hi,

If some users connect and access the resources fine most likely the VPN configuration is fine.

Maybe the users having the problems are having problems on the VPN client side like ESP being blocked, NAT-T not enabled, firewall, etc.

Check if there's any pattern with the users having the problem that can help use fix the problem.

Also please be specific on what the problem is with those clients.


Federico.

New Member

Re: Server Connectitivity through VPN

Thanks for the reply.

Could you please let me know that how I can enable ESP and NAT-T on VPN client side.All the clients are getting same problem. One time it will work and if disconnecting VPN and connecting again will not work.

Thanks

Abdussamad

Re: Server Connectitivity through VPN

Hi,

What you need to check on the client side is that there's no Firewall or device blocking ESP traffic (IP protocol 50). This is the protocol used to send the VPN encrypted traffic.

Also check that UDP 500 and UDP 4500 are not being blocked.

On the client itself NAT-T should be enabled by default but you can confirm it's enabled by going to the VPN client connection entry and under the transport tab.

Federico.

New Member

Re: Server Connectitivity through VPN

Hi,

VPN client is connecting without any problem. Even I can telnet to the router through VPN. I think VPN cannot connect if UDP 500 and UDP 4500 are blocked.

IPSEC/UDP is there under the transport tab

Regards

Chalilakath

Re: Server Connectitivity through VPN

Let's see...

You say that all clients are able to connect fine... but if they disconnect and try to connect again that's when you see the problem?

If there are able to connect sometimes I don't think there's any problem on the server side...

Question:

When a VPN client cannot connect, does the Internet connection works fine at that very moment on the client side?

i.e. Can the client PING the VPN server public IP when it cannot connect?

Federico.

New Member

Re: Server Connectitivity through VPN

Hi,

I think you are confused. The VPN server doesen't have any prob.It can connect every time. I am talking about connectivity to the server farm through VPN.

Abdu

New Member

Re: Server Connectitivity through VPN

Hi, Ali Abdu

Please try the command below

crypto ipsec nat-transperancy udp-encaps under global mode. Then please let me know

Abdussamad

New Member

Re: Server Connectitivity through VPN

It worked, Thanks a lot

ALi Abdu

547
Views
0
Helpful
8
Replies
CreatePlease login to create content