RVL200 does not work with Cisco Easy VPN Client

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by jackalvn, Nov 3, 2008.

  1. jackalvn

    jackalvn Addicted to LI Member

    I have a VPN at work, using a Cisco PIX 515E as an EasyVPN server,
    with Phase 1 using ISAKMP, then Phase 2: ESP.

    When I run the EasyVPN client on any computer in my home network, it connects through and authentication completes, but I cannot transfer any data.

    I then used Wireshark to capture packets. I put it in the middle between my DSL modem and my RVL200 and noticed ISAKMP packets (udp:500) went through, but not ESP packets.

    I then replaced the RVL200 with a Belkin 54G router, everything worked fine.
    I put the RVL200 back and it still did not work: authentication succeeded, but ESP cannot go through, therefore no connection.

    I'm using Firmware Version: v1.1.7, then also upgraded to version: v1.1.10 .1; both didn't work.

    I had my IPSec VPN passthrough turned on. In the router log I found
    "Connection Refused - Policy violation : IN=ppp1 OUT= MAC= SRC=69.20.XXX.XXX DST=70.48.XXX.XXX LEN=112 TOS=0x00 PREC=0x00 TTL=56 ID=2650 PROTO=ESP SPI=0xa52269cd "

    Please advise!!!
  2. jackalvn

    jackalvn Addicted to LI Member

    I found the solution: some routers couldn't deal with ESP, so I turned on a feature called NAT-Traversal on the VPN server and it fixed it.
  3. ifican

    ifican Network Guru Member

    It's not a "can't deal with"; it's because a protocol, not a port, is used during VPN communications, and when you are sitting behind a device that is doing NAT, it does not know what to do with the protocol packet that arrives. NAT-T was specifically designed to fix this, as you have witnessed.
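
An added example, not part of the original thread: it parses the router log line quoted in the first post, then shows how NAT-T (RFC 3948) wraps the port-less ESP packet in a UDP/4500 header and how the receiving peer tells ESP, IKE and keepalives apart. The function names, sequence number and ciphertext bytes are constructed for illustration; the log line and SPI come from the post.

```python
import re
import struct

NAT_T_PORT = 4500               # UDP port used by NAT-T (RFC 3948)
NON_ESP_MARKER = b"\x00" * 4    # prefixes IKE messages that share UDP/4500
KEEPALIVE = b"\xff"             # one-byte NAT-keepalive payload

# Router log line quoted in the first post (addresses are masked there).
LOG_LINE = ('Connection Refused - Policy violation : IN=ppp1 OUT= MAC= '
            'SRC=69.20.XXX.XXX DST=70.48.XXX.XXX LEN=112 TOS=0x00 PREC=0x00 '
            'TTL=56 ID=2650 PROTO=ESP SPI=0xa52269cd ')

def parse_drop(line):
    """Return the SPI of a refused raw-ESP packet, or None for other lines."""
    m = re.search(r"PROTO=ESP SPI=0x([0-9a-fA-F]+)", line)
    return int(m.group(1), 16) if m else None

def esp_packet(spi, seq, ciphertext):
    """Raw ESP (IP protocol 50): SPI and sequence number, no port fields."""
    return struct.pack("!II", spi, seq) + ciphertext

def udp_encapsulate(payload, sport=NAT_T_PORT, dport=NAT_T_PORT):
    """Prepend an 8-byte UDP header; the checksum is sent as zero (IPv4)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def classify_udp4500(datagram):
    """Classify what a NAT-T peer receives on UDP/4500."""
    if len(datagram) < 8:
        return ("malformed", None)
    _sport, _dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    payload = datagram[8:length]
    if payload == KEEPALIVE:
        return ("nat-keepalive", None)
    if payload[:4] == NON_ESP_MARKER:
        return ("ike", None)
    if len(payload) < 8:
        return ("malformed", None)
    # A non-zero first word is the ESP SPI; the NAT only rewrote UDP ports.
    return ("esp", struct.unpack("!I", payload[:4])[0])
```

Because the SPI sits inside the UDP payload, the peer still identifies the security association even after a NAT device rewrites the source port.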
