Re: IPSec question: VPN client to Router posted 09/22/2001

Hi Sam Munzani,

It does not work, config is:

(loopback 0) IPSEC Router(Eth0) ------ (Eth1) Router (Eth0) ------- VPN

ACL is:
access-list 101 permit ip host

I even tried: access-list 101 permit ip any any

but from Client I can Ping to w/o crypto process.

I turned back to the original config:
(loopback 0) IPSEC Router(Eth0) ------ VPN Client
with this network, previously I could not ping from Client to, but
now I can ping w/o crypto, nothing changed (except I just re-installed my
Windows 98 & VPN client)

Have you ever worked on the R1603 for IPSec? I suspect that there's no actual
process for IPSec on Cisco1603 (my IOS is quite new:


----- Original Message -----
From: Sam Munzani <sam@xxxxxxxxxxx>
To: Nguyen Hoang Long <long.nguyen@xxxxxxxxxxxxxxxxxx>; Menga, Justin
<Justin.Menga@xxxxxxxxxx>; <ccielab@xxxxxxxxxxxxxx>
Sent: Friday, September 21, 2001 10:33 PM
Subject: Re: IPSec question: VPN client to Router

> Just for the heck of it, try as below.
> Keep your configs as they are. However, put a router between your client and
> IPSEC router. All I can suspect now is IPSEC crypto map is not working for
> the packet leaving to your laptop. Have something like below.
> IPSEC Router    --- Router(Pretending ISP) --- Client
> IPSEC router points its def. g/w to ISP router and so does client PC.
> should work.
> Sam
> > Let's talk about the original config:
> > Nothing appears on Client Log Viewer when I ping, error on R1603
> >
> > I changed access-list:
> > <access-list 101 permit ip>
> > from Client I can ping but encryption does not happen.
> >
> > In my understanding, encryption should protect traffic from
> > (VPN client) to (internal network).
> > Header w/ is encapsulated inside header
> > think you know what I mean)
> > suppose I have sniffer on Client to R1603, source address from Client to
> > R1603 should be, not 10.10.1.XXX
> >
> > So how .....?