RE: [nsp] cisco vpn client

From: Mati Gil (mgil@servicom2000.com)
Date: Fri Mar 01 2002 - 04:14:27 EST


Hello Alban,
this is Mati again.
It seems that your VPN 3000 is trying to find your VPN Client public address
through its private interface.
Which default gateway have you configured in your concentrator? It should be
pointing to any router in its public segment, not the private one.
Perhaps you have a static/dynamic route for your VPN Client public address
through a 145.246.142.x router. Have a look at concentrators IP routes.

For your VPN clients, if you want them to have an internal private router as
their default gateway once they are connected to the VPN, configure a
different 'tunnel default gateway'.
I hope this time it helps. Regards,
Mati

-----Mensaje original-----
De: Alban Dani [mailto:adani@stevens-tech.edu]
Enviado el: jueves, 28 de febrero de 2002 22:44
Para: cisco-nsp@puck.nether.net
Asunto: [nsp] cisco vpn client

Well, her I am again with another VPN issue.

My Cisco VPN 3000 series is working fine with all sorts of windows clients.
However I am required to configure it to work with the Cisco VPN client.
The client of course wants me to create a IPSec group and I did so.
However when I can not connect to the VPN using this client.
The client side log tells me :

8 16:11:50.338 02/28/02 Sev=Warning/3 IKE/0xA3000056
Received ISAKMP message from wrong host, Received IP address = 145.246.142.2
Expected IP address = 145.246.1.12

And the VPN log :

2 02/28/2002 16:11:27.360 SEV=4 IKE/0 RPT=52 145.246.154.149
Duplicate first packet detected!

The 145.246.142.2 is configured as my private interface and the 145.246.1.12
as my public.
By the way when I try to connect to 145.246.142.2 the connection works ????

Any help will be much appreciated.

Alban



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:06 EDT