Question : IPSEC PASS-THROUGH Cisco Soho 77 does not work, HELP !!!

Hello

I have got the following problem:

192.168.2.20 <- 192.168.2.1 - x.x.x.x <- INTERNET <- y.y.y.y - 192.168.1.1 <- 192.168.1.2
  W2K-SRV    <-        VPN Router     <-          <- Cisco Soho 77 router  <- W2K Software VPN

I have changed to a new Cisco Soho 77 router instead of the old Cisco 677 router.

But even with the Cisco Soho 77 the VPN does not work.

If I dial out to the internet with a modem the VPN client connects perfectly.

When I look in the log of the VPN client, I can see that Phase I is OK, but it retries PHASE II over and over again.

I have tried to add a static nat entry udp500->192.168.1.2 but it changes nothing...

Below is the configuration of the router

6x116140#show ver
Cisco Internetwork Operating System Software
IOS (tm) SOHO70 Software (SOHO70-Y1-M), Version 12.1(3)XP2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 14-Nov-00 09:57 by detang
Image text-base: 0x80013170, data-base: 0x80512664

ROM: System Bootstrap, Version 12.1(3r)XP, RELEASE SOFTWARE (fc1)
ROM: SOHO70 Software (SOHO70-Y1-M), Version 12.1(3)XP2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

6x116140 uptime is 19 minutes
System returned to ROM by reload
System image file is "flash:soho70-y1-mz.121-3.XP2.bin"

CISCO SOHO 77 (MPC855T) processor (revision 0x501) with 15360K/1024K bytes of memory.
Processor board ID JAD04525IHN (1356313214), with hardware revision 0000
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102


--------


6x116140#show running
Building configuration...

Current configuration:
!
version 12.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname 6x116140
!
logging buffered 8192 debugging
logging console warnings
enable secret 5 $1$.M2I$R7cJHUzatrkOibRebUqz60
!
clock timezone MET 1
clock summer-time MET-DST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip finger
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool soho77
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 212.54.64.170 212.54.64.171
   lease 0 1
!
!
!
!
interface Loopback0
 no ip address
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no keepalive
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode ansi-dmt
!
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username 6x116140 password 7 13302D450F5F320939
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.1 23 interface Dialer0 23000
ip nat inside source static udp 192.168.1.2 500 interface Dialer0 500
ip nat inside source static 192.168.1.2 62.79.105.130 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.0.0 192.168.1.254
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 100 deny   icmp any any redirect
access-list 100 deny   udp any any eq 19
access-list 100 deny   tcp any any eq 31 syn
access-list 100 deny   tcp any any eq 41 syn
access-list 100 deny   tcp any any eq 58 syn
access-list 100 deny   tcp any any eq 90 syn
access-list 100 deny   tcp any any eq 121 syn
access-list 100 deny   udp any any eq 135
access-list 100 deny   tcp any any eq 135 syn
access-list 100 deny   udp any any range 136 140
access-list 100 deny   tcp any any range 136 140 syn
access-list 100 deny   tcp any any eq 421 syn
access-list 100 deny   tcp any any eq 456 syn
access-list 100 deny   tcp any any eq 531 syn
access-list 100 deny   tcp any any eq 555 syn
access-list 100 deny   tcp any any eq 911 syn
access-list 100 deny   tcp any any eq 999 syn
access-list 100 deny   udp any any eq 1349
access-list 100 deny   udp any any eq 6838
access-list 100 deny   udp any any eq 8787
access-list 100 deny   udp any any eq 8879
access-list 100 deny   udp any any eq 9325
access-list 100 deny   tcp any any eq 12345 syn
access-list 100 deny   udp any any eq 31335
access-list 100 deny   udp any any eq 31337
access-list 100 deny   udp any any eq 31338
access-list 100 deny   udp any any eq 54320
access-list 100 deny   udp any any eq 54321
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 60 0
 password 7 073A1B1B4A5A2F2605
 login
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 password 7 073A1B1B4A5A2F2605
 login
!
scheduler max-task-time 5000
end

6x116140#

Please help...

Answer : IPSEC PASS-THROUGH Cisco Soho 77 does not work, HELP !!!

PAQed, with points refunded (80)

Computer101
E-E Admin