
remote vpn client to router with hwic-3g-hspa cellular interface

ddolbel
Level 1

Help ;-)

I'm having extreme issues getting my VPN client to connect to a Cisco router with a hwic-3g-hspa cellular interface.

I have tested the config remotely by traversing the tunnel I have set up with a Cisco VPN client and the client does connect;
however, when out on the road it doesn't respond. I'm literally hitting my head against a brick here, everything just seems right,
I can't explain it.

I have done debugs and there is no sign of life; it's as though when the VPN client connects to the router, it's not responding.

Anyway, here is my config, for the VPN clients part that is.

aaa new-model
!
!
aaa group server radius vpn-client-server-group-1
server <removed> auth-port 1645 acct-port 1646
server <removed> auth-port 1645 acct-port 1646
server <removed> auth-port 1645 acct-port 1646
!
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication login vpn_client_xauth_ml_1 local
aaa authentication login vpn_client_xauth_ml_2 local
aaa authentication login NOAUTH none
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NOAUTH none
aaa authorization network vpn_client_group_ml_1 local
aaa accounting exec default
!
crypto ctcp port 10000
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
!
crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclients
key <removed>
dns <removed>
wins <removed>
domain <removed>
pool vpnpool
acl 199
save-password
split-dns <removed>
pfs
max-users 10
netmask 255.255.255.0
!
crypto isakmp profile vpn-client-ike-profile-1
   match identity group vpnclients
   client authentication list vpn_client_xauth_ml_2
   isakmp authorization list vpn_client_group_ml_1
   client configuration address respond
   keepalive 60 retry 2
   virtual-template 1
!
!
crypto ipsec transform-set ESP-SHA-HMAC-AES-256-VPN esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VPN_Client_Profile1
description VPN Clients IPSEC Policy
set security-association idle-time 3600
set transform-set ESP-SHA-HMAC-AES-256-VPN
set pfs group2
set isakmp-profile vpn-client-ike-profile-1
!
interface Loopback77
description --- Loopback -- VPN Client Gateway ---
ip address 10.0.77.1 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Cellular0/0/0
bandwidth 5760
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip virtual-reassembly in
encapsulation ppp
no ip route-cache cef
dialer in-band
dialer pool-member 1
dialer-group 1
async mode interactive
service-policy output SIP-priority
!
!
interface Cellular0/0/1
no ip address
encapsulation ppp
!
interface Virtual-Template1 type tunnel
description $FW_INSIDE$
ip unnumbered Dialer0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN_Client_Profile1
!
interface Dialer0
bandwidth 5760
ip address negotiated
ip access-group 150 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip ips 2811-ips in
ip inspect FireWall out
ip virtual-reassembly in
encapsulation ppp
no ip route-cache cef
dialer pool 1
dialer idle-timeout 0
dialer string connect
dialer persistent
dialer-group 1
keepalive 10 3
ppp authentication chap pap callin
ppp chap hostname dummy
ppp chap password 7 050F13022C55
no cdp enable
service-policy output SIP-priority
!
ip local pool vpnpool 10.0.77.2 10.0.77.14
!
access-list 100 remark External Ports Access List
access-list 100 permit udp host <removed> any eq non500-isakmp
access-list 100 permit udp host <removed> any eq isakmp
access-list 100 permit esp host <removed> any
access-list 100 permit ahp host <removed> any
access-list 100 permit gre host <removed> any
access-list 100 permit icmp host <removed> any
access-list 100 permit ospf host <removed> any
access-list 100 permit tcp any any eq 10000
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 172.16.0.0 0.15.255.255 any
access-list 100 deny   ip 192.168.0.0 0.0.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip host 0.0.0.0 any
access-list 100 deny   ip any any log
access-list 199 remark VPN Client Access List
access-list 199 permit ip 10.0.0.0 0.0.0.255 10.0.77.0 0.0.0.15
access-list 199 permit ip 10.70.0.0 0.0.0.255 10.0.77.0 0.0.0.15
access-list 199 permit ip 10.0.77.0 0.0.0.255 10.0.77.0 0.0.0.15
dialer-list 1 protocol ip permit
!

I hope someone can help me out, it's driving me nuts. Thanks in advance.

1 Reply

ddolbel
Level 1

Never mind, it turned out that the cellular provider was blocking my traffic; once the block was lifted, all worked fine.
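
An added example, not part of the original thread and not Cisco tooling: a Python sketch that reads an IOS config excerpt like the one posted and reports, per numbered ACL, whether IKE (UDP 500), NAT-T (UDP 4500), ESP and cTCP (TCP 10000) are permitted from any source or only from listed peers, and lists inbound `ip access-group` bindings whose ACL is absent from the excerpt. The sample is constructed from the posted ACL 100 with 192.0.2.10 as an assumed stand-in for the removed peer address; the function names are hypothetical.

```python
import re

# Constructed sample based on the posted ACL 100; 192.0.2.10 is an assumed peer.
SAMPLE = """\
interface Dialer0
 ip access-group 150 in
access-list 100 permit udp host 192.0.2.10 any eq non500-isakmp
access-list 100 permit udp host 192.0.2.10 any eq isakmp
access-list 100 permit esp host 192.0.2.10 any
access-list 100 permit tcp any any eq 10000
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip any any log
"""
PORTS = {"isakmp": "500", "non500-isakmp": "4500"}  # IOS port keywords
TRANSPORTS = {"IKE": ("udp", "500"), "NAT-T": ("udp", "4500"),
              "ESP": ("esp", None), "cTCP": ("tcp", "10000")}
ADDR = r"(any|host\s+\S+|\S+\s+\S+)"  # any | host A.B.C.D | A.B.C.D wildcard
RULE = re.compile(r"\s*access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+"
                  + ADDR + r"\s+" + ADDR + r"(?:\s+eq\s+(\S+))?")

def parse(config):
    """Return {acl number: [(action, proto, src, port), ...]} in rule order."""
    acls = {}
    for line in config.splitlines():
        m = RULE.match(line)
        if m:
            num, action, proto, src, _dst, port = m.groups()
            acls.setdefault(num, []).append(
                (action, proto, src, PORTS.get(port, port)))
    return acls

def roaming_verdict(rules, proto, port):
    """First-match result for a client with an unpredictable source address."""
    fallback = "deny"  # becomes "peer-only" once a listed source is permitted
    for action, r_proto, src, r_port in rules:
        if r_proto not in (proto, "ip") or r_port not in (None, port):
            continue
        if src == "any":  # only an 'any' rule decides for an unknown source
            return "permit" if action == "permit" else fallback
        if action == "permit":
            fallback = "peer-only"
    return fallback  # implicit deny at the end of the ACL

def audit(config):
    """Per-ACL verdicts, plus inbound access-groups whose ACL is not shown."""
    acls = parse(config)
    report = {n: {t: roaming_verdict(r, *pp) for t, pp in TRANSPORTS.items()}
              for n, r in acls.items()}
    bound = re.findall(r"^\s*ip access-group (\d+) in", config, re.M)
    return report, [n for n in bound if n not in acls]
```

A clean result here only clears the router's own filter; filtering upstream of the router, which is what this thread turned out to be, still has to be checked with the carrier.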