836 router as VPN termination

jaapvdmeij
Level 1

Hello,

I'm trying to establish a VPN connection from home to work.

Here are some details about the architecture and the configuration.

At home :

Windows XP Pro SP2 with Cisco VPN Client version 4.6.00 installed on it, connecting to the Internet through a standard ADSL modem (speedtouch510).

This modem has a static public address assigned by the provider.

At work :

The Cisco 836 acting as a perimeter router with a static public address on dialer1 via an ISDN ADSL connection.

Behind the router is our network, consisting of a Windows 2000 domain server and about 10 client computers running XP Pro SP2.

I would like to use this router as the termination of a tunnel between home and the office.

I configured something but it does not work. At home I get the message: No private Ip address was assigned by the peer.

Attached you will find my configuration and the log file I got at home.

Best regards, Ilja Zwolsman

6 Replies

m.sir
Level 7

You could try permitting UDP port 4500 for NAT traversal.

Try the command:

permit udp host XX.XXX.XXX.XX (static public address router at home) host XX.XXX.XXX.XX (static public address router at work) eq 4500

BTW, I am a bit confused by your ACL: why do you have the statement permit ip any any at the end?

Hope that helps

Hello,

Thanks for your reply.

I changed the entry to your proposal, but IOS changed it back to what it was before, so both entries are the same.

I changed the entry permit any any, thanks.

In the log file vpnclientlog080306Test I would like to draw your attention to lines 41 and 48.

My experience with logging is not great, so maybe you can help me.

Best regards, Ilja Zwolsman

Couple of things. Can you change the ACLs to

access-list 103 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 103 permit ip 10.0.0.0 0.0.0.255 any

access-list 160 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255

Let me know if it helps

Hello,

Thanks for your reply.

I changed the configuration but was still not successful.

Attached you will find the vpnclientlog.

Notice line 18: Established Phase 1 SA ...........

Notice line 46: No private ip address was assigned by the peer.

I wonder if something at home is not configured correctly.

The VPN client (version 4.6.02.0011) installs a virtual adapter. I suppose that this adapter gets an IP address from the 836 router at work.

Do I have to let this adapter get an IP address automatically?

Is it important what IP address is on the adapter connected to my ADSL modem at home (10.0.0.151)?

The inside IP address of the modem at home (speedtouch510) is 10.0.0.138 and the outside is the static public address assigned by the provider.

(The private pool on the 836 router at work is 192.168.1.200 192.168.1.254.) NAT-T is configured on the outside interface of the speedtouch510 (at home).

Best regards, Ilja Zwolsman

Hello,

In spite of all the good intentions, I still cannot connect from home to the office (no IP address assigned by the peer).

I am considering letting the router at the office function as a pass-through for a VPN connection from home to the office Windows 2000 server. It's what they call transport mode, which you can enable on the VPN client.

Can someone give me advice on how to do so?

Best regards, Ilja Zwolsman

I recall something of a problem with the speedtouch and IPsec. Try http://www.google.nl/search?hl=nl&q=speedtouch+unbind+nat+ipsec&btnG=Google+zoeken&meta=