Weird selective traffic VPN problem.


NettableWalker (IS-IT--Management; joined Jun 18, 2005; 215 messages; location GB)

Hi everyone,

One of my VPNs from a 1721 to an 837 (ADSL) is selectively working.
I can ping across it with a delay of about 50ms, I can telnet on the relevant ports to test ICA, SMTP etc. and all is fine.

I cannot get a Citrix client to connect across it, although I can with RDP.

I cannot get an Outlook client to connect across it and I cannot browse the network.

Any ideas?
 
Hi Gwildfire,

Here's my config for the ADSL router:

Authorised Use Only,
Please exit now, Your IP Address has been logged.

User Access Verification

Username: rayc
Password:
HPM.IZR.ADSL#sh run
Building configuration...

Current configuration : 4604 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname HPM.IZR.ADSL
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip source-route
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
ip name-server xxxxxxx
ip name-server xxxxxxxxxxx
no ip bootp server
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
no ip ips deny-action ips-interface
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
username xxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxx
!
!
!
crypto isakmp policy 1
authentication pre-share
group 2
lifetime 7200
crypto isakmp key xxxxxxxxxx address xxxxxxxxxxxx
!
crypto ipsec security-association lifetime kilobytes 5242880
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set xxxxx esp-3des esp-sha-hmac
!
crypto map pdcvpn 17 ipsec-isakmp
set peer xxxxxxxxxxxxx
set transform-set xxxxx
set pfs group2
match address 155
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
description Connected to Local Network
ip address 10.2.0.203 255.255.0.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
description Connected to izR Wan Circuit
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
crypto map pdcvpn
hold-queue 224 in
!
router eigrp 10
passive-interface Dialer1
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
!
no logging trap
access-list 10 remark Telnet access
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 100 remark ----- Inbound ACL -----
access-list 100 permit ip xxxxxxxxxxxxxxxxxx 0.0.0.15 any
access-list 100 permit ip xxxxxxxxxxxxxxxxxx 0.0.0.7 any
access-list 100 permit ip xxxxxxxxxxxxxxxxxx 0.0.0.7 any
access-list 100 permit ip host xxxxxxxxxxxxxxxxxx any
access-list 100 permit ip host xxxxxxxxxxxxxxxxxx any
access-list 100 deny ip any any
access-list 102 deny ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 155 remark VPN Access
access-list 155 permit ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
banner login ^CAuthorised Use Only,
Please exit now, Your IP Address has been logged.^C
!
line con 0
login local
no modem enable
transport output telnet
stopbits 1
line aux 0
login local
transport output telnet
stopbits 1
line vty 0 4
session-timeout 15 output
access-class 10 in
exec-timeout 100 0
password 7 xxxxxxxxxxxxxxxxxx
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
sntp server 10.0.0.22
end

The VPN is up and running; it has just started to get picky with what it'll allow through!
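The config above relies on a pattern that is easy to get subtly wrong: `ip nat inside source list 102 ... overload` translates everything ACL 102 permits, so the traffic the crypto map selects with `match address 155` has to hit a deny in ACL 102 before any permit, or it is NATed before it can be encrypted and never matches the tunnel. The following is an added example, not code from the thread or from Cisco: a small Python checker that parses the `access-list` lines, converts IOS wildcard masks to prefixes, and walks the NAT ACL with first-match semantics to report any crypto-ACL flow that would still be translated. The sample inputs are constructed from the lines in the posted config; the second sample deliberately swaps the deny and permit in ACL 102 to show what the check catches. Function names and the `SAMPLE_CONFIG*` constants are mine.

```python
"""Checker for the NAT-exemption / crypto-ACL pattern shown in the thread.
Added example, not from the original post or from Cisco."""
import ipaddress
import re

# Constructed sample: only the lines relevant to the check, copied from the
# posted config (same ACL numbers and addresses as the thread).
SAMPLE_CONFIG = """\
ip nat inside source list 102 interface Dialer1 overload
crypto map pdcvpn 17 ipsec-isakmp
 match address 155
access-list 102 deny ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 155 remark VPN Access
access-list 155 permit ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255
"""

# Constructed counter-example: the deny exists but sits after the permit,
# so first-match processing translates the VPN traffic anyway.
SAMPLE_CONFIG_SHADOWED = SAMPLE_CONFIG.replace(
    "access-list 102 deny ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255\n"
    "access-list 102 permit ip 10.0.0.0 0.255.255.255 any\n",
    "access-list 102 permit ip 10.0.0.0 0.255.255.255 any\n"
    "access-list 102 deny ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255\n",
)

ACE_RE = re.compile(r"^access-list (\d+) (permit|deny) ip (.+)$")


def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair (e.g. 10.2.0.0 0.0.255.255) into
    an IPv4Network. Wildcard bits must be contiguous; anything else is
    rejected rather than silently mis-parsed."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous low-order ones mean wc + 1 is a power of two
        raise ValueError(f"non-contiguous wildcard mask {wildcard}")
    prefix = 32 - wc.bit_length()
    return ipaddress.IPv4Network((addr, prefix), strict=False)


def _parse_operand(tokens):
    """Consume one source or destination operand: 'any', 'host A', or 'A W'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    return wildcard_to_network(tok, tokens.pop(0))


def parse_acls(config_text):
    """Return {acl_number: [(action, src_net, dst_net), ...]} for numbered
    'ip' entries, preserving the order in which IOS evaluates them."""
    acls = {}
    for line in config_text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # remarks, non-ip entries and other config lines
        number, action, rest = m.groups()
        tokens = rest.split()
        src = _parse_operand(tokens)
        dst = _parse_operand(tokens)
        acls.setdefault(number, []).append((action, src, dst))
    return acls


def _nat_verdict(entries, src, dst):
    """First-match walk of the NAT ACL for the crypto flow src -> dst.
    'deny' means the flow is exempt from NAT (good), 'permit' means it is
    translated (bad), 'partial' means an entry covers only part of the flow
    and is treated as bad. No match at all is the implicit deny."""
    for action, s, d in entries:
        if src.subnet_of(s) and dst.subnet_of(d):
            return action
        if s.overlaps(src) and d.overlaps(dst):
            return "partial"
    return "deny"


def find_nat_exemption_gaps(config_text):
    """List (crypto_acl, src, dst) for every crypto-map 'match address'
    permit entry that the NAT overload ACL would translate. Empty list means
    NAT exemption mirrors the crypto ACL and is ordered correctly."""
    nat = re.search(r"^ip nat inside source list (\d+)", config_text, re.M)
    crypto_ids = re.findall(r"^\s*match address (\d+)", config_text, re.M)
    acls = parse_acls(config_text)
    nat_entries = acls.get(nat.group(1), []) if nat else []
    gaps = []
    for acl_id in crypto_ids:
        for action, src, dst in acls.get(acl_id, []):
            if action != "permit":
                continue
            if _nat_verdict(nat_entries, src, dst) != "deny":
                gaps.append((acl_id, str(src), str(dst)))
    return gaps


if __name__ == "__main__":
    print("posted config gaps:", find_nat_exemption_gaps(SAMPLE_CONFIG))
    print("shadowed config gaps:", find_nat_exemption_gaps(SAMPLE_CONFIG_SHADOWED))
```

Run against the lines from the posted config the checker reports no gaps, which is consistent with the poster's observation that the tunnel comes up and passes some traffic; the swapped sample reports the 10.2.0.0/16 to 10.0.0.0/16 flow as translated. The walk deliberately treats a partially overlapping NAT entry as a failure rather than guessing, because the only safe state is one where the whole crypto-ACL flow is exempted by the first matching entry.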
 