09-06-2005 04:16 AM - edited 02-21-2020 01:56 PM
Hi all,
I've got this problem with most of my users using a DSL connection. All work fine using dial-up.
I'm using a Cisco Router 1720 connected to a Pix515. The client is using VPN Client 3.61.
These clients need to access their Exchange mailbox through the VPN. During the project we tested the connection using dial-up and all was fine, until we realised that only users over DSL can't connect to the mailbox (they connect to the VPN all right). And they can't ping the mail server.
Can anyone help me out?
TIA,
Sugih
09-06-2005 11:58 AM
Hi Sugih,
To clarify, does the VPN client connect to the PIX or the 1720?
If you use the command `sh crypto isakmp sa' on the VPN device when a client is connected, does it show QM_IDLE?
If yes, then have a look at `sh crypto ipsec sa'. It gives a lot of output, but you should be able to pick out the IPSec tunnel details, including packet counters.
What do you see here? Any packets being decrypted?
Also, you can check the VPN client to see how many packets are being encrypted; compare that with the command above.
Let me know how you get on.
09-06-2005 06:00 PM
Hi aacole,
Thanks for the reply. I will give it a try and update you.
FYI, the VPN clients connect to PIX.
Cheers,
Sugih
09-06-2005 08:10 PM
Providing you did test the remote VPN by using a dial-up connection, I believe the issue is with NAT traversal, since the DSL router does PAT.
On the PIX, apply this command:
isakmp nat-traversal
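
The counter comparison suggested in the replies above, as an added example that is not part of the original thread: it reads the output of the two `show` commands plus the packet count from the VPN client and reports whether the tunnel is up but no ESP is reaching the PIX, which is the symptom the NAT traversal suggestion addresses. The sample output is constructed (documentation addresses, not a real capture), and the function names and result labels are hypothetical.

```python
import re

# Constructed sample output, shaped like the PIX commands named in the thread.
SAMPLE_ISAKMP_SA = """\
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
   203.0.113.10     198.51.100.25    QM_IDLE         0           1
"""

SAMPLE_IPSEC_SA = """\
   local crypto endpt.: 203.0.113.10, remote crypto endpt.: 198.51.100.25
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
"""

def phase1_up(isakmp_text):
    """True if any ISAKMP SA line reports the QM_IDLE state."""
    return any("QM_IDLE" in line.split() for line in isakmp_text.splitlines())

def ipsec_counters(ipsec_text):
    """Sum every '#pkts <name>' counter across all SAs in the output."""
    totals = {}
    for name, value in re.findall(r"#pkts (\w+):? (\d+)", ipsec_text):
        totals[name] = totals.get(name, 0) + int(value)
    return totals

def diagnose(isakmp_text, ipsec_text, client_encrypted):
    """client_encrypted: packet count read from the VPN client statistics."""
    if not phase1_up(isakmp_text):
        return "phase1-down"            # no QM_IDLE: IKE never completed
    counters = ipsec_counters(ipsec_text)
    decaps = counters.get("decaps", 0)
    encaps = counters.get("encaps", 0)
    if client_encrypted > 0 and decaps == 0:
        # Client sends ESP but none arrives: consistent with a PAT device
        # in the path and no NAT traversal (ESP carried inside UDP).
        return "esp-not-arriving"
    if decaps > 0 and encaps == 0:
        return "no-return-traffic"      # PIX receives but sends nothing back
    return "tunnel-passing-traffic"

if __name__ == "__main__":
    print(diagnose(SAMPLE_ISAKMP_SA, SAMPLE_IPSEC_SA, client_encrypted=57))
```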
09-18-2005 09:53 PM
Just wondering how you go.