UMTS connection and Cisco VPN client

We are using the Cisco VPN client version 4.8 in combination with a UMTS card.

When connecting to our PIX using DSL the VPN connection works just fine. When using the UMTS card the VPN is established and the virtual adapter receives its IP address, but we are not able to connect to any nodes on the other network. The logging does not show any errors.

The following routing table is active when connecting to the VPN using UMTS:

10.10.10.10 provided by VPN connection
72.111.111.222 provided by UMTS card
XXX.XXX.250.2 PIX

Destination      Netmask          Gateway         Interface       Metric
0.0.0.0          0.0.0.0          10.10.10.10     10.10.10.10     1
10.0.0.0         255.0.0.0        10.10.10.10     10.10.10.10     1
10.10.10.10      255.255.255.255  127.0.0.1       127.0.0.1       1
10.255.255.255   255.255.255.255  10.10.10.10     10.10.10.10     1
72.111.111.222   255.255.255.255  127.0.0.1       127.0.0.1       1
72.255.255.255   255.255.255.255  72.111.111.222  72.111.111.222  1
127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
XXX.XXX.250.2    255.255.255.255  72.111.111.222  72.111.111.222  1
224.0.0.0        224.0.0.0        10.10.100.10    10.10.10.16     1
255.255.255.255  255.255.255.255  10.10.10.10     0.0.0.0         1

When monitoring the traffic on my interfaces I do not see any traffic on the VPN interface. It smells like a routing problem but I have not been able to solve this issue.

Your advice is very much appreciated!

With kind regards,

Fred


please add the command "isakmp nat-t" to your pix config, running 6.3.x

rgds Martin Bilgrav


Hello Martin,

Thank you very much for your kind reply!

Our PIX is indeed running 6.3.3.

UMTS connection:

Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end is NOT behind a NAT device

DSL connection:

Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device

'Peer supports NAT-T' appears in the logging.

When checking the VPN traffic with Ethereal I do see traffic with source address 10.10.10.10. But calls do not get answered from 'the other side'.

With best regards,

Fred


Hello,

I know your log will say that, but to be sure, could you please verify that the command is in fact in the config.

Also the line:

224.0.0.0 224.0.0.0 10.10.100.10 10.10.10.16 1

troubles me, from your route print when connected to UMTS. Could you please give the route print before UMTS logon and after?

Also, just to avoid it, could you try to verify the IP pool settings on the PIX. Could be a good idea to use a different pool, e.g. 192.168.x.x, instead, as this pool is not a Class-A pool. (Both the UMTS and 10 addy are Class-A.)

Also verify that the VPN client is enabled in the UMTS card's properties. You could also try a version 4.6.xxxx.xx instead of 4.8 (I have no present experience with 4.8, but run 4.6 on my Vodafone card myself with no problems).

Regards Martin Bilgrav
