Re: OT: VPN Concentrator with VPN Clients from Farrukh Haroon on 2009-10-11 (Ccielab archives 10/2009)

From: Farrukh Haroon <farrukhharoon_at_gmail.com>
Date: Sun, 11 Oct 2009 09:36:11 +0300

First thing to check would be the VPN client, are both the
encr/decr count(s) incrementing in the client's status tab? Also you have to
checked the bytes sent/rcvd in the VPN concentrator's status tab for remote
access VPNs (Administration >> Administer Sessions >> Remote Access
Sessions).

Did you follow the following procedure(s)?

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00807f6e76.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800949b4.shtml

There could be a NAT device in the middle, try configuring NAT-T as
described below:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008010edf4.shtml

Also did you allow this traffic on the "filter" applied on the conentrator's
"Public" interface?

Regards

Farrukh
On Wed, Oct 7, 2009 at 6:56 PM, Haroon <itguy.pro_at_gmail.com> wrote:

> Hello Experts,
>
> Sorry about back to back OT posts but maybe I am too dumb for this crap and
> someone can help me with this.... I am trying to configure CVPN 3030
> Concentrator to work with either Microsoft vpn client or Cisco VPN client
> 5.0.03.
>
> I have configured two groups: 1) pptp to work with MS and 2) IPSecGroup to
> work with the cisco vpn client. I cannot make any connection with ms vpn
> client, however, I am able to authenticate with active directory and get an
> ip address from our internal dhcp server when I use cisco vpn client(ip sec
> group). After the connection is established, I cannot ping or browse any
> servers behind the concentrator. I even tried different subnet dhcp range
> and adding static routes on the concentrator and router behind it (local
> LAN) but no go.
>
> I have tried following the cisco documents to the last letter, google
> search
> and I tried configuring it using my own understanding of this but no luck.
> Is there some setting that I am missing in the concentrator? I don't care
> which client I use (MS preferred) as long as concentrator can intelligently
> pass traffic through to the other side as it is with the 4 site to site
> VPNs.
>
> regards,
>
> Haroon
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Oct 11 2009 - 09:36:11 ART

This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART