What am I missing? Cisco 827, Laptop and VPN

 
 
Jerry
10-24-2003
I have tried for a week to get this to work, and have run out of ideas. On
my laptop, I'm using a Cisco VPN client to go to a Cisco concentrator. No
matter what I do, I can't get it to connect to the other location's gateway.
To eliminate my firewall, switch etc. I plugged the laptop directly to the
e0 port of the 827.

My config:
Inside network: 192.169.1.X
Outside 10.1.1.X (Outside port of my firewall, and e0 port of 827, however
firewall is irrelevant as stated above.)
PPPoE, Dynamic public IP provided by ISP to Dialer1
Laptop set up with 10.1.1.X TCP/IP properties since I connected directly to
the 827.
I'm using NAT, and the destination concentrator has NAT Traversal enabled.

Yet, no matter what I do or try, I can't get a tunnel. It just times out. I
was thinking I needed to add a command in the router to allow IPSec tunnels
through, but I thought that was default. I thought it could be IOS
compatibility, but I'm using ver.12.4. Here is my router config and show
ver. Any ideas? Thanks.

Configuration (Show Ver is below, passwords etc. xxx'd out):

Using 1377 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname DSLRouter
!
enable secret 5 $1$V5ao$gOB3j2GaiZV.x0aUcKkpw/
enable password xxxxxx
!
ip subnet-zero
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
ip mtu adjust
!
interface Ethernet0
ip address 10.1.1.1 255.0.0.0
ip nat inside
hold-queue 100 out
!
interface ATM0
mtu 1492
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxx
ppp chap password 7 0836435C581F0013
ppp pap sent-username xxxxxxx password 7 0836435C581F0013
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 19 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 10.1.1.35
no ip http server
!
!
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 192.0.0.0 0.255.255.255
access-list 10 permit 199.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit
banner motd ^Cc
Good Morning ^C
!
line con 0
stopbits 1
line vty 0 4
password xxxxxx
login
scheduler max-task-time 5000
end

Show Version:

Cisco Internetwork Operating System Software
IOS (tm) C820 Software (C820-Y6-M), Version 12.2(4)YA6, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.2(5.4)T
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Wed 23-Jul-03 13:12 by ealyon
Image text-base: 0x80013170, data-base: 0x8067CF58

ROM: System Bootstrap, Version 12.1(1r)XB1, RELEASE SOFTWARE (fc1)
ROM: C820 Software (C820-Y6-M), Version 12.2(4)YA6, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

DSLRouter uptime is 7 minutes
System returned to ROM by reload
System image file is "flash:c820-y6-mz.122-4.YA6.bin"

CISCO C827 (MPC855T) processor (revision 0x501) with 15360K/1024K bytes of memory.
Processor board ID JAD0431075R (824502564), with hardware revision 0000
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102
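
A consistency check over the NAT statements in the configuration posted above, as an added example that is not part of the original post: it evaluates the standard ACLs with IOS wildcard-mask semantics to show which inside source addresses the router port-translates on Dialer1, and lists NAT rules that point at an access list the config never defines. The function names are this example's own, and 10.1.1.50 is a constructed stand-in for the laptop's 10.1.1.X address.

```python
import ipaddress
import re

# NAT-relevant lines copied from the router configuration posted above.
CONFIG = """\
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 19 interface Dialer1 overload
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 192.0.0.0 0.255.255.255
access-list 10 permit 199.0.0.0 0.255.255.255
"""

NAT_RE = re.compile(r"^ip nat inside source list (\d+) interface (\S+)( overload)?$")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+) (\S+)$")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse(config):
    """Return (nat_rules, acls). Only 'address wildcard' ACL entries are handled."""
    nat_rules, acls = [], {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := NAT_RE.match(line):
            nat_rules.append({"acl": m[1], "interface": m[2], "overload": bool(m[3])})
        elif m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append((m[2], to_int(m[3]), to_int(m[4])))
    return nat_rules, acls

def acl_permits(entries, src_ip):
    """First match wins; a wildcard bit of 1 means 'ignore this bit'."""
    ip = to_int(src_ip)
    for action, base, wildcard in entries:
        if ((ip ^ base) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def undefined_acl_refs(config):
    """ACL numbers that a NAT rule references but the config never defines."""
    nat_rules, acls = parse(config)
    return [r["acl"] for r in nat_rules if r["acl"] not in acls]

def translated_by(config, src_ip):
    """NAT rules whose ACL is defined and permits src_ip (undefined ACLs are not evaluated)."""
    nat_rules, acls = parse(config)
    return [r for r in nat_rules
            if r["acl"] in acls and acl_permits(acls[r["acl"]], src_ip)]

print(undefined_acl_refs(CONFIG))
print(translated_by(CONFIG, "10.1.1.50"))  # constructed laptop address in 10.1.1.X
```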


 
annoyed@net.spammers
10-24-2003
On Thu, 23 Oct 2003 19:19:00 -0500, "Jerry" <(E-Mail Removed)> wrote:

>I have tried for a week to get this to work, and have run out of ideas. On
>my laptop, I'm using a Cisco VPN client to go to a Cisco concentrator. No
>matter what I do, I can't get it to connect to the other location's gateway.
>To eliminate my firewall, switch etc. I plugged the laptop directly to the
>e0 port of the 827.
>
>My config:
>Inside network: 192.169.1.X
>Outside 10.1.1.X (Outside port of my firewall, and e0 port of 827, however
>firewall is irrelevant as stated above.)
>PPPoE, Dynamic public IP provided by ISP to Dialer1
>Laptop set up with 10.1.1.X TCP/IP properties since I connected directly to
>the 827.
>I'm using NAT, and the destination concentrator has NAT Traversal enabled.
>
>Yet, no matter what I do or try, I can't get a tunnel. It just times out. I
>was thinking I needed to add a command in the router to allow IPSec tunnels
>through, but I thought that was default. I thought it could be IOS
>compatibility, but I'm using ver.12.4. Here is my router config and show
>ver. Any ideas? Thanks.
>


<snip>

I have the 827 and was using the Nortel Networks VPN client for work and
couldn't get it to pass the IPSec packets while I had NAT running on the
router. I had to use the real IP addresses inside that were assigned by my
ISP and my VPN connection would then work. I do not know if the Cisco VPN
client behaves the same way, but the Nortel client plus inside NAT would not
work with my 827. If someone does have a config to make NAT work with these
clients, I would like to know too!
--
Ban low performance drivers, not high performance cars!
"Guns are no more responsible for killing people than spoons are
responsible for making Rosie O'Donnell and Oprah Winfrey fat." -- Unknown
"Rosie O'Donnell puts the 'hippo' in 'hypocrite'" - CW
 
Jerry
10-24-2003

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 23 Oct 2003 19:19:00 -0500, "Jerry" <(E-Mail Removed)> wrote:
>
> >I have tried for a week to get this to work, and have run out of ideas. On
> >my laptop, I'm using a Cisco VPN client to go to a Cisco concentrator. No
> >matter what I do, I can't get it to connect to the other location's gateway.
> >To eliminate my firewall, switch etc. I plugged the laptop directly to the
> >e0 port of the 827.
> >
> >My config:
> >Inside network: 192.169.1.X
> >Outside 10.1.1.X (Outside port of my firewall, and e0 port of 827, however
> >firewall is irrelevant as stated above.)
> >PPPoE, Dynamic public IP provided by ISP to Dialer1
> >Laptop set up with 10.1.1.X TCP/IP properties since I connected directly to
> >the 827.
> >I'm using NAT, and the destination concentrator has NAT Traversal enabled.
> >
> >Yet, no matter what I do or try, I can't get a tunnel. It just times out. I
> >was thinking I needed to add a command in the router to allow IPSec tunnels
> >through, but I thought that was default. I thought it could be IOS
> >compatibility, but I'm using ver.12.4. Here is my router config and show
> >ver. Any ideas? Thanks.
> >
>
> <snip>
>
> I have the 827 and was using the Nortel Networks VPN client for work and
> couldn't get it to pass the IPSec packets while I had NAT running on the
> router. I had to use the real IP addresses inside that were assigned by my
> ISP and my VPN connection would then work. I do not know if the Cisco VPN
> client behaves the same way, but the Nortel client plus inside NAT would not
> work with my 827. If someone does have a config to make NAT work with these
> clients, I would like to know too!
> --

I haven't tried it yet, but I added the command 'IP TCP ADJUST-MSS 1452' to
e0. The 827 does not like anything more than 1492 in my experience. Who
knows, maybe that will do the trick. Otherwise, I'm just going to spend the
extra $ and get a static IP or two. NAT is great, but it sucks for VPN.


 