Cisco Support Community

New Member

Site to Site IPSEC VTI + VPN Client on a stick

Hi,

I currently have a working site-to-site IPsec VTI with zone-based firewall.

Now I would like to configure the router to allow remote VPN clients (using a stick) to access the network behind the router (see attached diagram).

Can the experts take a look at my configuration and advise me on the problem?

Thank you

3 REPLIES
New Member

Re: Site to Site IPSEC VTI + VPN Client on a stick

Hi,

Can anyone help?

Cisco Employee

Re: Site to Site IPSEC VTI + VPN Client on a stick

Hi Kim,

The config for the VPN part seems alright. But, there seems to be no zone-pair for Inside-Ezclient and vice versa and also for Outside-Ezclient and vice versa.

Please create zone-pairs for those as well and allow/deny necessary traffic. For Outside-Ezclient and vice versa, you will need to allow ESP and UDP 4500 as well. For Inside-Ezclient and vice versa, if you want the VPN clients to be able to access anything, a "permit ip any any" would do.

Let me know if it works.

Regards,

Prapanch

New Member

Re: Site to Site IPSEC VTI + VPN Client on a stick

Hi,

I amended it as you advised but still have the same error below. What may be the problem?

Cisco Systems VPN Client Version 5.0.00.0340
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3

11     10:14:53.187  09/14/10  Sev=Warning/2    IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)

12     10:14:53.187  09/14/10  Sev=Warning/3    IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0x00000000)

Thank you
