VPN Client 4.x to IOS

Discussion in 'Cisco' started by Chris Ames-Farrow, Sep 7, 2004.

  1. Having managed to get the clients to connect to the router and build
    an IPSec tunnel, I've come up against the next issue:

    The client is issued an IP address in the range 10.10.3.100 to
    10.10.3.200 - this works correctly.

    I have a Windows 2003 server on IP address 172.31.251.129 that the
    clients connect to using RDP (TCP 3398).

    In the access list applied to the interface the VPN is terminated on,
    I have appropriate permit statements to allow VPN client traffic
    inbound and to allow decrypted traffic through:

    permit udp any host xxx.xxx.xxx.xxx eq isakmp
    permit udp any host xxx.xxx.xxx.xxx eq non500-isakmp
    permit tcp 10.10.3.0 0.0.0.255 host 172.31.251.129 eq 3389

    However, traffic to the server is denied and, as we have

    deny ip any any log-input

    at the end of the access list, our syslog server receives the
    following:

    %SEC-6-IPACCESSLOGP: list FastEthernet0/1.78:IN denied tcp
    10.10.3.115(1918) (FastEthernet0/1.78 6c69.656e.744c) ->
    172.31.251.129(3389), 1 packet

    The router is running 12.3(5) - I've looked on CCO, but can't find any
    VPN related bugs, which is probably down to me not specifying the
    correct search terms.

    Has anyone any suggestions, or have I run up against an IOS bug?

    --
    Chris Ames-Farrow
    Chris Ames-Farrow, Sep 7, 2004
    #1

  2. Can you post your config (without passwords)?

    -Russ
    CCIE #9473 (Security/R&S), CISSP

    Chris Ames-Farrow <> wrote in message
    news:<>...
    > Having managed to get the clients to connect to the router and build
    > an IPSec tunnel, I've come up against the next issue:
    >
    > The client is issued an IP address in the range 10.10.3.100 to
    > 10.10.3.200 - this works correctly.
    >
    > I have a Windows 2003 server on IP address 172.31.251.129 that the
    > clients connect to using RDP (TCP 3398).
    >
    > In the access list applied to the interface the VPN is terminated on,
    > I have appropriate permit statements to allow VPN client traffic
    > inbound and to allow decrypted traffic through:
    >
    > permit udp any host xxx.xxx.xxx.xxx eq isakmp
    > permit udp any host xxx.xxx.xxx.xxx eq non500-isakmp
    > permit tcp 10.10.3.0 0.0.0.255 host 172.31.251.129 eq 3389
    >
    > However, traffic to the server is denied and, as we have
    >
    > deny ip any any log-input
    >
    > at the end of the access list, our syslog server receives the
    > following:
    >
    > %SEC-6-IPACCESSLOGP: list FastEthernet0/1.78:IN denied tcp
    > 10.10.3.115(1918) (FastEthernet0/1.78 6c69.656e.744c) ->
    > 172.31.251.129(3389), 1 packet
    >
    > The router is running 12.3(5) - I've looked on CCO, but can't find any
    > VPN related bugs, which is probably down to me not specifying the
    > correct search terms.
    >
    > Has anyone any suggestions, or have I run up against an IOS bug?
    Russell Lusignan, Sep 7, 2004
    #2
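
Added example, not part of either post: a Python check of the logged packet against the one ACL entry in the question whose addresses are not masked. The function names are this example's own, and it handles only `any`, `host A`, `A wildcard` and a numeric destination `eq` port.

```python
import ipaddress
import re

# Constructed from the question: the wrapped log message joined onto one line,
# and the one ACL entry whose addresses are not masked with xxx.
LOG = ("%SEC-6-IPACCESSLOGP: list FastEthernet0/1.78:IN denied tcp "
       "10.10.3.115(1918) (FastEthernet0/1.78 6c69.656e.744c) -> "
       "172.31.251.129(3389), 1 packet")
ACE = "permit tcp 10.10.3.0 0.0.0.255 host 172.31.251.129 eq 3389"

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) (?:\([^)]*\) )?-> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packet")

def parse_log(line):
    """Return the fields of an IPACCESSLOGP message as a dict of strings."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an IPACCESSLOGP message")
    return m.groupdict()

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def addr_match(addr, spec):
    """Wildcard bits set to 1 are ignored; the remaining bits must be equal."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def ace_action(ace, pkt):
    """Return 'permit' or 'deny' if the entry matches the packet, else None."""
    tokens = ace.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = take_addr(tokens), take_addr(tokens)
    port_ok = tokens[:1] != ["eq"] or tokens[1] == pkt["dport"]
    hit = (proto in ("ip", pkt["proto"]) and addr_match(pkt["src"], src)
           and addr_match(pkt["dst"], dst) and port_ok)
    return action if hit else None

if __name__ == "__main__":
    pkt = parse_log(LOG)
    print(pkt["acl"], pkt["action"], "-> entry as posted says:", ace_action(ACE, pkt))
```

The entry as posted matches the denied packet, so the three lines quoted in the question do not by themselves account for the log message.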
