cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
275
Views
0
Helpful
1
Replies

VPN client doesn't work

pgasol
Level 1
Level 1

Hi, I have a router 1701 with a VPN tunnel with a peer. But I have a PC with a Nortel VPN client to connect to another peer and it doesn't work.

If a uninstall the crypto map then the client works fine.

I don't understand why.

The router has the following version: Version 12.2(13)ZH, EARLY DEPLOYMENT

RELEASE SOFTWARE (fc1)

Synched to technology version 12.2(14.5)T

ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)

ROM: C1700 Software (C1700-K9O3SY7-M), Version 12.2(13)ZH, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

System image file is "flash:c1700-k9o3sy7-mz.122-13.ZH.bin"

This is the config:

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key 0 ********** address 16.x.x.x

!

!

crypto ipsec transform-set MD5-3DES esp-3des esp-md5-hmac

crypto ipsec df-bit clear

!

crypto map Uni 1 ipsec-isakmp

set peer 16.5.10.2

set transform-set MD5-3DES

match address 102

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

ip address x.x.x.x 255.255.255.0

no ip unreachables

no ip proxy-arp

ip nat outside

pvc 8/32

encapsulation aal5snap

!

crypto map Uni

!

interface FastEthernet0

ip address 192.168.11.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip route-cache flow

speed auto

ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 ATM0.1

access-list 101 remark Entrada red local

access-list 101 permit ip 192.168.11.0 0.0.0.255 any

access-list 102 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 log

access-list 103 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 log

access-list 103 permit ip 192.168.11.0 0.0.0.255 any

!

route-map SDM_RMAP_1 permit 1

match ip address 103

!

The client has the IP 192.168.11.70 and it tries to go by the crypto map, but it shouldn't do it.

Can anybody help me?

1 Reply 1

Not applicable

If NORTEL vpn client is using AH it won't work because AH doesn't support NAT.