What am I missing? Cisco 827, Laptop and VPN

Discussion in 'Cisco' started by Jerry, Oct 24, 2003.

  1. Jerry

    Jerry Guest

    I have tried for a week to get this to work, and have run out of ideas. On
    my laptop, I'm using a Cisco VPN client to go to a Cisco concentrator. No
    matter what I do, I can't get it to connect to the other location's gateway.
    To eliminate my firewall, switch etc. I plugged the laptop directly to the
    e0 port of the 827.

    My config:
    Inside network: 192.169.1.X
    Outside 10.1.1.X (Outside port of my firewall, and e0 port of 827, however
    firewall is irrelevant as stated above.)
    PPPoE, Dynamic public IP provided by ISP to Dialer1
    Laptop set up with 10.1.1.X TCP/IP properties since I connected directly to
    the 827.
    I'm using NAT, and the destination concentrator has NAT Traversal enabled.

    Yet, no matter what I do or try, I can't get a tunnel. It just times out. I
    was thinking I needed to add a command in the router to allow IPSec tunnels
    through, but I thought that was default. I thought it could be IOS
    compatibility, but I'm using ver.12.4. Here is my router config and show
    ver. Any ideas? Thanks.

    Configuration (Show Ver is below, passwords etc. xxx'd out):

    Using 1377 out of 131072 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname DSLRouter
    !
    enable secret 5 $1$V5ao$gOB3j2GaiZV.x0aUcKkpw/
    enable password xxxxxx
    !
    ip subnet-zero
    !
    vpdn enable
    !
    vpdn-group 1
    request-dialin
    protocol pppoe
    ip mtu adjust
    !
    interface Ethernet0
    ip address 10.1.1.1 255.0.0.0
    ip nat inside
    hold-queue 100 out
    !
    interface ATM0
    mtu 1492
    no ip address
    no atm ilmi-keepalive
    pvc 0/35
    pppoe-client dial-pool-number 1
    !
    dsl operating-mode auto
    hold-queue 224 in
    !
    interface Dialer1
    mtu 1492
    ip address negotiated
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname xxxxxxx
    ppp chap password 7 0836435C581F0013
    ppp pap sent-username xxxxxxx password 7 0836435C581F0013
    !
    ip nat inside source list 10 interface Dialer1 overload
    ip nat inside source list 19 interface Dialer1 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 192.168.1.0 255.255.255.0 10.1.1.35
    no ip http server
    !
    !
    access-list 10 permit 10.0.0.0 0.255.255.255
    access-list 10 permit 192.0.0.0 0.255.255.255
    access-list 10 permit 199.0.0.0 0.255.255.255
    dialer-list 1 protocol ip permit
    banner motd ^Cc
    Good Morning ^C
    !
    line con 0
    stopbits 1
    line vty 0 4
    password xxxxxx
    login
    scheduler max-task-time 5000
    end

    Show Version:

    Cisco Internetwork Operating System Software
    IOS (tm) C820 Software (C820-Y6-M), Version 12.2(4)YA6, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
    Synched to technology version 12.2(5.4)T
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2003 by cisco Systems, Inc.
    Compiled Wed 23-Jul-03 13:12 by ealyon
    Image text-base: 0x80013170, data-base: 0x8067CF58

    ROM: System Bootstrap, Version 12.1(1r)XB1, RELEASE SOFTWARE (fc1)
    ROM: C820 Software (C820-Y6-M), Version 12.2(4)YA6, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

    DSLRouter uptime is 7 minutes
    System returned to ROM by reload
    System image file is "flash:c820-y6-mz.122-4.YA6.bin"

    CISCO C827 (MPC855T) processor (revision 0x501) with 15360K/1024K bytes of memory.
    Processor board ID JAD0431075R (824502564), with hardware revision 0000
    CPU rev number 5
    Bridging software.
    1 Ethernet/IEEE 802.3 interface(s)
    1 ATM network interface(s)
    128K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash (Read/Write)
    2048K bytes of processor board Web flash (Read/Write)

    Configuration register is 0x2102
     
    Jerry, Oct 24, 2003
    #1

  2. Jerry

    Guest

    On Thu, 23 Oct 2003 19:19:00 -0500, "Jerry" <> wrote:

    >I have tried for a week to get this to work, and have run out of ideas. On
    >my laptop, I'm using a Cisco VPN client to go to a Cisco concentrator. No
    >matter what I do, I can't get it to connect to the other location's gateway.
    >To eliminate my firewall, switch etc. I plugged the laptop directly to the
    >e0 port of the 827.
    >
    >My config:
    >Inside network: 192.169.1.X
    >Outside 10.1.1.X (Outside port of my firewall, and e0 port of 827, however
    >firewall is irrelevant as stated above.)
    >PPPoE, Dynamic public IP provided by ISP to Dialer1
    >Laptop set up with 10.1.1.X TCP/IP properties since I connected directly to
    >the 827.
    >I'm using NAT, and the destination concentrator has NAT Traversal enabled.
    >
    >Yet, no matter what I do or try, I can't get a tunnel. It just times out. I
    >was thinking I needed to add a command in the router to allow IPSec tunnels
    >through, but I thought that was default. I thought it could be IOS
    >compatibility, but I'm using ver.12.4. Here is my router config and show
    >ver. Any ideas? Thanks.
    >


    <snip>

    I have the 827 and was using the Nortel Networks VPN client for work and
    couldn't get it to pass the IPSec packets while I had NAT running on the
    router. I had to use the real IP addresses inside that were assigned by my
    ISP and my VPN connection would then work. I do not know if the Cisco VPN
    client behaves the same way, but the Nortel client plus inside NAT would not
    work with my 827. If someone does have a config to make NAT work with these
    clients, I would like to know too!
    --
    mers
    Ban low performance drivers, not high performance cars!
    "Guns are no more responsible for killing people than spoons are
    responsible for making Rosie O'Donnell and Oprah Winfrey fat." -- Unknown
    "Rosie O'Donnell puts the 'hippo' in 'hypocrite'" - CW
     
    , Oct 24, 2003
    #2

  3. Jerry

    Jerry Guest

    <> wrote in message
    news:...
    > On Thu, 23 Oct 2003 19:19:00 -0500, "Jerry" <> wrote:
    >
    > >I have tried for a week to get this to work, and have run out of ideas. On
    > >my laptop, I'm using a Cisco VPN client to go to a Cisco concentrator. No
    > >matter what I do, I can't get it to connect to the other location's gateway.
    > >To eliminate my firewall, switch etc. I plugged the laptop directly to the
    > >e0 port of the 827.
    > >
    > >My config:
    > >Inside network: 192.169.1.X
    > >Outside 10.1.1.X (Outside port of my firewall, and e0 port of 827, however
    > >firewall is irrelevant as stated above.)
    > >PPPoE, Dynamic public IP provided by ISP to Dialer1
    > >Laptop set up with 10.1.1.X TCP/IP properties since I connected directly to
    > >the 827.
    > >I'm using NAT, and the destination concentrator has NAT Traversal enabled.
    > >
    > >Yet, no matter what I do or try, I can't get a tunnel. It just times out. I
    > >was thinking I needed to add a command in the router to allow IPSec tunnels
    > >through, but I thought that was default. I thought it could be IOS
    > >compatibility, but I'm using ver.12.4. Here is my router config and show
    > >ver. Any ideas? Thanks.
    > >
    >
    > <snip>
    >
    > I have the 827 and was using the Nortel Networks VPN client for work and
    > couldn't get it to pass the IPSec packets while I had NAT running on the
    > router. I had to use the real IP addresses inside that were assigned by my
    > ISP and my VPN connection would then work. I do not know if the Cisco VPN
    > client behaves the same way, but the Nortel client plus inside NAT would not
    > work with my 827. If someone does have a config to make NAT work with these
    > clients, I would like to know too!
    > --

    I haven't tried it yet, but I added the command 'IP TCP ADJUST-MSS 1452' to
    e0. The 827 does not like anything more than 1492 in my experience. Who
    knows, maybe that will do the trick. Otherwise, I'm just going to spend the
    extra $ and get a static IP or two. NAT is great, but it sucks for VPN.
     
    Jerry, Oct 24, 2003
    #3
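
An offline check of the NAT lines from the configuration posted in #1, added here as an example and not written by any poster in this thread: it evaluates the standard ACL wildcard masks to show that a 10.1.1.X laptop is translated by the `overload` (PAT) rule on Dialer1, which is the setup the replies describe, and it reports that NAT list 19 has no matching access-list in the posted config. The host address 10.1.1.50 and all function names are assumptions made for the example.

```python
import ipaddress
import re

# NAT and ACL lines copied from the configuration posted in #1.
CONFIG = """\
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 19 interface Dialer1 overload
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 192.0.0.0 0.255.255.255
access-list 10 permit 199.0.0.0 0.255.255.255
"""

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+) (\S+)$")
NAT_RE = re.compile(r"^ip nat inside source list (\d+) interface (\S+)( overload)?$")

def parse(config):
    """Return (acls, nat_rules) from standard ACL and NAT source-list lines."""
    acls, nat_rules = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            num, action, net, wild = m.groups()
            entry = (action, int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(wild)))
            acls.setdefault(num, []).append(entry)
        elif m := NAT_RE.match(line):
            nat_rules.append({"acl": m.group(1), "iface": m.group(2), "overload": bool(m.group(3))})
    return acls, nat_rules

def acl_permits(entries, host):
    """First-match evaluation of a standard ACL; wildcard bits set to 1 are ignored."""
    addr = int(ipaddress.IPv4Address(host))
    for action, net, wild in entries:
        if (addr | wild) == (net | wild):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def audit(config, host):
    """Return (NAT ACL numbers with no definition, PAT rules that translate host)."""
    acls, nat_rules = parse(config)
    undefined = [r["acl"] for r in nat_rules if r["acl"] not in acls]
    pat_hits = [r for r in nat_rules
                if r["overload"] and acl_permits(acls.get(r["acl"], []), host)]
    return undefined, pat_hits

if __name__ == "__main__":
    # 10.1.1.50 is a constructed laptop address inside the 10.1.1.X range from the post.
    print(audit(CONFIG, "10.1.1.50"))
```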
