Problems with IP-SEC VPN through SOHO-96 ADSL router

Discussion in 'Cisco' started by r.villerius@gmail.com, Apr 19, 2006.

  1. Guest

    Hello,

    I have the following wish, I want to connect at home from my lan to my
    employers network. My employer has a Cisco VPN concentrator that works
    fine. First I had a speedtouch ADSL router no problem just connect with
    Freeswan VPN to the Cisco and it just worked.
    A week ago I replaced the Speedtouch with a Cisco SOHO 96 ADSL
    modem/router. I configured it and it worked, at least I thought it did.
    I discovered that I couldn't create A VPN tunnel through that modem.
    That means I can create a connection but when I actually want to do
    something through the tunnel I get the following lines into the console
    of my SOHO:
    1w2d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has
    invalid spi for destaddr=<my local IP>, prot=50,
    spi=0x9442D3CB(-1807559733), srcaddr=<my employers IP>

    First I had some access-list issues but that I already solved (I can do
    a little bit by myself :) )

    Someone any idea what goes wrong and what the solution is, other than
    switching back to my Speedtouch.

    CU

    Roel
     
    , Apr 19, 2006
    #1
    1. Advertising

  2. Hello,

    I found the solution already.
    I have to tell my Cisco explicit that I have a IPSEC tunnel. This I have
    done with the following commands:
    ip nat inside source static esp <local client IP> interface Dialer1
    ip nat inside source static udp <local client IP> 500 interface Dialer1
    500

    That was the trick for me.

    CU

    Roel



    On Wed, 19 Apr 2006 01:09:43 -0700, r.villerius wrote:

    > Hello,
    >
    > I have the following wish, I want to connect at home from my lan to my
    > employers network. My employer has a Cisco VPN concentrator that works
    > fine. First I had a speedtouch ADSL router no problem just connect with
    > Freeswan VPN to the Cisco and it just worked.
    > A week ago I replaced the Speedtouch with a Cisco SOHO 96 ADSL
    > modem/router. I configured it and it worked, at least I thought it did.
    > I discovered that I couldn't create A VPN tunnel through that modem.
    > That means I can create a connection but when I actually want to do
    > something through the tunnel I get the following lines into the console
    > of my SOHO:
    > 1w2d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has
    > invalid spi for destaddr=<my local IP>, prot=50,
    > spi=0x9442D3CB(-1807559733), srcaddr=<my employers IP>
    >
    > First I had some access-list issues but that I already solved (I can do
    > a little bit by myself :) )
    >
    > Someone any idea what goes wrong and what the solution is, other than
    > switching back to my Speedtouch.
    >
    > CU
    >
    > Roel
     
    Roel Villerius, Apr 19, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Clemens Schwaighofer

    No PAT from Higher Sec to Lower Sec interface

    Clemens Schwaighofer, Oct 20, 2005, in forum: Cisco
    Replies:
    0
    Views:
    519
    Clemens Schwaighofer
    Oct 20, 2005
  2. =?Utf-8?B?QW1hbiBCLg==?=

    Upgrade path: MCSA2000:Sec -> MCSA2003 -> MCSE2003:Sec ?

    =?Utf-8?B?QW1hbiBCLg==?=, Sep 7, 2005, in forum: MCSE
    Replies:
    4
    Views:
    907
  3. Bob Christian
    Replies:
    1
    Views:
    508
    =?Utf-8?B?QW1hbiBCLg==?=
    Dec 13, 2005
  4. The Rev [MCT]
    Replies:
    0
    Views:
    452
    The Rev [MCT]
    Dec 13, 2005
  5. =?Utf-8?B?QW1hbiBCLg==?=
    Replies:
    0
    Views:
    441
    =?Utf-8?B?QW1hbiBCLg==?=
    Dec 13, 2005
Loading...

Share This Page