Re: Movian VPN with 3015 Concentrator

vocollect · ‎03-31-2004

We are having issues with our VPN concentrator routing the the IP address on Movian VPN PDA clients. The client authenticates and gets a IP address assigned. The client is unable to ping any IP address on the private network. We tested the movian client with Certicoms test Cisco Concentrator and it works fine. It must be a setting in our concentrator that I am missing or have incorrectly set. Has anyone else had this problem and how to fix it. Thank you,

d-g-c · ‎12-13-2004

Hi,

I'm doing some tests PDA VPN tests with the movian client connecting to a 3015 concentrator and am seeing the same problem as you describe. The VPN connection is succesful and the PDA is assigned an IP address and can ping hosts on the assigned IP endpoint subnet but cannot connect to any other internal subnets.

Seems to be more like a routing issue on the PDA than the VPN server, did you ever resolve your problem?

vocollect · ‎12-14-2004

Yes, we had 2 issues.

1. Correct the Network Lists on the Concentrator to work with split tunneling.

2. Correct the ACL in the Pix firewall that was preventing IP packets over IPsec protocol. The ACL would allow handshake to take place and tunnel established but no encrypted packets through.

Hope this helps.

csuper · ‎12-14-2004

Could you please put the details of what was changed. We are having the same problem with our 3030. Is there something in the firewall extra that needs to be opened that the Cisco client doesn't need?

mbstrauss · ‎12-21-2004

Try this doc - it helped me out

http://www.certicom.com/download/aid-54/mVPN_Cisco_Deployment_Guide.pdf

Also, I did not have to configure the Cisco concentrator for NAT-T.

I now have my i-mate PDA working through this ok, but it did take some toubleshooting.