Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN not passing traffic

With Cisco VPN client  on Win 7 64bit I connect with no problem and get my ip. I can't ping the router. Looking at the VPN client log shows this:

Cisco Systems VPN Client Version
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

1      06:12:05.193  03/15/12  Sev=Warning/3 IKE/0xE3000085
The length, 0, of the Mode Config option, INTERNAL_IPV4_NETMASK, is invalid

2      06:12:10.505  03/15/12  Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160

3      06:12:10.505  03/15/12  Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a8fcff, Netmask: ffffffff, Interface: c0a80861, Gateway: c0a80801.

version 12.3
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
hostname MVVC-GW
clock timezone cst -6
clock summer-time cdt recurring
aaa new-model
aaa authentication login clientauth local
aaa authentication ppp default local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
ip icmp rate-limit unreachable 2000
ip icmp rate-limit unreachable DF 2000
ip telnet hidden addresses
ip cef
no ip domain lookup
ip dhcp excluded-address
ip dhcp pool mvvc-dmz
no ip bootp server
ip audit po max-events 50
ip audit smtp spam 25
vpdn enable
vpdn ip udp ignore checksum
crypto keyring MVVCVPN
  pre-shared-key address key ********
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group MVVC-Remote
key **********
crypto isakmp profile L2L
   description LANtoLAN for Remote Connections
   keyring MVVCVPN
   match identity address
crypto isakmp profile MVVC_VPN_Client
   description VPN clients profile
   match identity group MVVC-Remote
   client authentication list clientauth
   isakmp authorization list groupauthor
   client configuration address respond
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 5
set transform-set myset
set isakmp-profile MVVC_VPN_Client
crypto dynamic-map dynmap 10
set transform-set myset
set isakmp-profile L2L
crypto map mymap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
description MVVC Inside
ip address
ip nat inside
no ip mroute-cache
duplex auto
speed auto
interface FastEthernet0/1
description To MVVC DMZ
ip address
ip nat inside
duplex auto
speed auto
interface Ethernet1/0
description To AT&T
no ip address
no ip unreachables
no ip proxy-arp
ip nat outside
no ip route-cache cef
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
interface Dialer1
mtu 1492
ip address
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap hostname
ppp chap password 7 0011040E520352
ppp pap sent-username password 7 ***************
crypto map mymap
router rip
version 2
passive-interface Dialer1
no auto-summary
ip local pool MVVC-VPN
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static
ip nat inside source static
ip nat inside source static
ip classless
ip route Dialer1
access-list 1 permit any
dialer-list 1 protocol ip permit
dial-peer cor custom
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
ntp clock-period 17180149
ntp source Ethernet1/0
ntp master 6
ntp server prefer
ntp server

  • VPN
This widget could not be displayed.