Vpn lan-to-lan and remote-access

costin.vilcu · ‎01-25-2007

Hi everyone,

this is the problem:

on a router i have configured both lan-to-lan VPN tunnels (GRE and IPSec) and remote-access (software VPN Client).

i use a public loopback address as the endpoint of the GRE tunnels and therefore i use the commmand "crypto map MAP local-address LoopbackX"

the problem is that first i configured the router for VPN client and it worked just fine, and now after i configured the IPSec tunnels (which are working now) i can not connect anymore with the vpn client. i get the Xauth window, i fill up the credentials and then it just says "Not Conected"

where should i look more? i did a debug cry isakmp and debug cry ipsec and it seems that something happens in the isakmp negotiations because i don't have any ipsec message.

Thanks in advance,

b.julin · ‎01-25-2007

Well, two things that would help is if you have before and after configurations you can compare, and before and after logfiles you can compare.

But to take a total and complete shot in the dark, if the RAs were using transport mode, look and see whether the OS dropped the "crypto ipsec transform-set test_trans mode transport" statement on you if you altered the other transform-set statement. On the ASA it does so without any warning, and that will cause it to fail after phase 1.

costin.vilcu · ‎01-31-2007

Thank you b.julin, but ot seems that it only needed a reload.

the config was ok, but it didn't worked until i restarted.

Nice one huh? :)