Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN not passing traffic

With Cisco VPN client  on Win 7 64bit I connect with no problem and get my ip. I can't ping the router. Looking at the VPN client log shows this:

Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\

1      06:12:05.193  03/15/12  Sev=Warning/3 IKE/0xE3000085
The length, 0, of the Mode Config option, INTERNAL_IPV4_NETMASK, is invalid

2      06:12:10.505  03/15/12  Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.252.255
Netmask 255.255.255.255
Gateway 192.168.8.1
Interface 192.168.8.97

3      06:12:10.505  03/15/12  Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a8fcff, Netmask: ffffffff, Interface: c0a80861, Gateway: c0a80801.

version 12.3
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname MVVC-GW
!
boot-start-marker
boot-end-marker
!
clock timezone cst -6
clock summer-time cdt recurring
aaa new-model
!
aaa authentication login clientauth local
aaa authentication ppp default local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
ip icmp rate-limit unreachable 2000
ip icmp rate-limit unreachable DF 2000
ip telnet hidden addresses
ip cef
!
!
no ip domain lookup
ip dhcp excluded-address 192.168.6.1 192.168.6.10
!
ip dhcp pool mvvc-dmz
   network 192.168.6.0 255.255.255.0
   dns-server 68.94.157.1
   default-router 192.168.6.1
!
no ip bootp server
ip audit po max-events 50
ip audit smtp spam 25
vpdn enable
vpdn ip udp ignore checksum
!
crypto keyring MVVCVPN
  pre-shared-key address 0.0.0.0 0.0.0.0 key ********
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group MVVC-Remote
key **********
dns 192.168.8.10 192.168.8.20
wins 192.168.8.10 192.168.8.20
domain manchacavet.com
pool MVVC-VPN
crypto isakmp profile L2L
   description LANtoLAN for Remote Connections
   keyring MVVCVPN
   match identity address 0.0.0.0
crypto isakmp profile MVVC_VPN_Client
   description VPN clients profile
   match identity group MVVC-Remote
   client authentication list clientauth
   isakmp authorization list groupauthor
   client configuration address respond
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 5
set transform-set myset
set isakmp-profile MVVC_VPN_Client
crypto dynamic-map dynmap 10
set transform-set myset
set isakmp-profile L2L
!
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
description MVVC Inside
ip address 192.168.8.1 255.255.255.0
ip nat inside
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1
description To MVVC DMZ
ip address 192.168.6.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Ethernet1/0
description To AT&T
no ip address
no ip unreachables
no ip proxy-arp
ip nat outside
no ip route-cache cef
no ip route-cache
full-duplex
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dialer1
mtu 1492
ip address 99.66.57.126 255.255.255.248
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap hostname tdsdvm@sbcglobal.net
ppp chap password 7 0011040E520352
ppp pap sent-username tdsdvm@sbcglobal.net password 7 ***************
crypto map mymap
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
ip local pool MVVC-VPN 192.168.8.97 192.168.8.126
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 192.168.8.28 99.66.57.122
ip nat inside source static 192.168.8.12 99.66.57.125
ip nat inside source static 192.168.8.9 99.66.57.124
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
logging 192.168.8.23
access-list 1 permit any
dialer-list 1 protocol ip permit
!
dial-peer cor custom
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
ntp clock-period 17180149
ntp source Ethernet1/0
ntp master 6
ntp server 68.94.156.17 prefer
ntp server 68.94.157.2
!
end

  • VPN
869
Views
0
Helpful
0
Replies
This widget could not be displayed.