Question : IPSEC PASS-THROUGH Cisco Soho 77 does not work, HELP !!!
Hello
I have got the following problem:
192.168.2.20 <- 192.168.2.1 - x.x.x.x <- INTERNET <- y.y.y.y - 192.168.1.1 <- 192.168.1.2
W2K-SRV      <- VPN Router            <-          <- Cisco Soho 77 router  <- W2K Software VPN
I have changed to a new Cisco Soho 77 router instead of the old Cisco 677 router.
But even with the Cisco Soho 77 the VPN does not work.
If I dial out to the internet with a modem the VPN client connects perfectly.
When I look in the log of the VPN client, I can see that Phase I is OK, but it retries PHASE II over and over again.
I have tried to add a static nat entry udp500->192.168.1.2 but it changes nothing...
Below is the configuration of the router
6x116140#show ver
Cisco Internetwork Operating System Software
IOS (tm) SOHO70 Software (SOHO70-Y1-M), Version 12.1(3)XP2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 14-Nov-00 09:57 by detang
Image text-base: 0x80013170, data-base: 0x80512664

ROM: System Bootstrap, Version 12.1(3r)XP, RELEASE SOFTWARE (fc1)
ROM: SOHO70 Software (SOHO70-Y1-M), Version 12.1(3)XP2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

6x116140 uptime is 19 minutes
System returned to ROM by reload
System image file is "flash:soho70-y1-mz.121-3.XP2.bin"

CISCO SOHO 77 (MPC855T) processor (revision 0x501) with 15360K/1024K bytes of memory.
Processor board ID JAD04525IHN (1356313214), with hardware revision 0000
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
--------
6x116140#show running
Building configuration...

Current configuration:
!
version 12.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname 6x116140
!
logging buffered 8192 debugging
logging console warnings
enable secret 5 $1$.M2I$R7cJHUzatrkOibRebUqz60
!
clock timezone MET 1
clock summer-time MET-DST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip finger
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool soho77
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 212.54.64.170 212.54.64.171
 lease 0 1
!
!
!
!
interface Loopback0
 no ip address
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no keepalive
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode ansi-dmt
!
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username 6x116140 password 7 13302D450F5F320939
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.1 23 interface Dialer0 23000
ip nat inside source static udp 192.168.1.2 500 interface Dialer0 500
ip nat inside source static 192.168.1.2 62.79.105.130 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.0.0 192.168.1.254
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 100 deny icmp any any redirect
access-list 100 deny udp any any eq 19
access-list 100 deny tcp any any eq 31 syn
access-list 100 deny tcp any any eq 41 syn
access-list 100 deny tcp any any eq 58 syn
access-list 100 deny tcp any any eq 90 syn
access-list 100 deny tcp any any eq 121 syn
access-list 100 deny udp any any eq 135
access-list 100 deny tcp any any eq 135 syn
access-list 100 deny udp any any range 136 140
access-list 100 deny tcp any any range 136 140 syn
access-list 100 deny tcp any any eq 421 syn
access-list 100 deny tcp any any eq 456 syn
access-list 100 deny tcp any any eq 531 syn
access-list 100 deny tcp any any eq 555 syn
access-list 100 deny tcp any any eq 911 syn
access-list 100 deny tcp any any eq 999 syn
access-list 100 deny udp any any eq 1349
access-list 100 deny udp any any eq 6838
access-list 100 deny udp any any eq 8787
access-list 100 deny udp any any eq 8879
access-list 100 deny udp any any eq 9325
access-list 100 deny tcp any any eq 12345 syn
access-list 100 deny udp any any eq 31335
access-list 100 deny udp any any eq 31337
access-list 100 deny udp any any eq 31338
access-list 100 deny udp any any eq 54320
access-list 100 deny udp any any eq 54321
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 60 0
 password 7 073A1B1B4A5A2F2605
 login
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 password 7 073A1B1B4A5A2F2605
 login
!
scheduler max-task-time 5000
end
6x116140#
Please help...
|
Answer : IPSEC PASS-THROUGH Cisco Soho 77 does not work, HELP !!!
PAQed, with points refunded (80)
Computer101 E-E Admin