contivity vpn client behind router with easy server

svardanega · ‎01-24-2006

Hi, I've seen this argument before, but without an effective solution.

I have a contivity client behind a 857 cisco router. This client needs to connect to a remote VPN server.

With NAT enable and easy VPN server disable all works fine.

When I enable easy VPN server on the 857 (I need to connect several dial-up cisco vpn client from outside to this office) the contivity client can't connect anymore to the remote vpn server and hang up with the famous "bannet text" error.

I think that because the external interface of the 857 is waiting for cisco vpn client to connect, it intercepts also the data from the remote contivity vpn server, not forwarding to the client inside the LAN.

If there is a way to "passthrough" the contivity connection data to the internal client it would be very nice.

Many thanks, Stefano.

spremkumar · ‎01-24-2006

hi

Can you post the config of the Cisco 857 here with public ips and the passwords masked ...

regds

svardanega · ‎01-24-2006

Hi, thanks for the reply.

The attachment is the conf created by cisco sdm.

The cisco easy vpn server works fine (except for the neighboorhood browsing, [I don't care now] )

Salutes, Stefano.

svardanega · ‎01-25-2006

Hi, I found a possible solution. At this page

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml

this is the interesting part:

!--- Dynamic crypto map.

!

crypto dynamic-map dynmap 1

set transform-set foo

match address 199

!

access-list 199 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 199 permit ip host 172.16.142.191 192.168.1.0 0.0.0.255

I try to put the contivity vpn client to another subnet (192.168.3.10) but the easy vpn server still intercepts its encrypted data.

Salutes.