05-23-2005 06:48 AM - edited 02-21-2020 01:47 PM
Hi, I have a router 1701 with a VPN tunnel with a peer. But I have a PC with a Nortel VPN client to connect to another peer and it doesn't work.
If a uninstall the crypto map then the client works fine.
I don't understand why.
The router has the following version: Version 12.2(13)ZH, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)
Synched to technology version 12.2(14.5)T
ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
ROM: C1700 Software (C1700-K9O3SY7-M), Version 12.2(13)ZH, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
System image file is "flash:c1700-k9o3sy7-mz.122-13.ZH.bin"
This is the config:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key 0 ********** address 16.x.x.x
!
!
crypto ipsec transform-set MD5-3DES esp-3des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map Uni 1 ipsec-isakmp
set peer 16.5.10.2
set transform-set MD5-3DES
match address 102
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address x.x.x.x 255.255.255.0
no ip unreachables
no ip proxy-arp
ip nat outside
pvc 8/32
encapsulation aal5snap
!
crypto map Uni
!
interface FastEthernet0
ip address 192.168.11.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
speed auto
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
access-list 101 remark Entrada red local
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 102 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 log
access-list 103 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 log
access-list 103 permit ip 192.168.11.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
match ip address 103
!
The client has the IP 192.168.11.70 and it tries to go by the crypto map, but it shouldn't do it.
Can anybody help me?
05-27-2005 11:40 AM
If NORTEL vpn client is using AH it won't work because AH doesn't support NAT.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide