Using Cisco EZVpn together with router-to-router IPSEC config


Here's one for the crypto buffs....

I have a setup of three Cisco 837s terminating IPSEC tunnels in a hub/spoke router-to-router config. The VPN router that acts as the "hub" also has EZVpn set up for remote access from WinXP clients that are on the road.

My question is this: can one of those WinXP laptops be located within the network subnet of another one of the "spoke" routers and still be able to init a VPN tunnel by itself? I've tried it and it doesn't work so I'm assuming the answer is no, since UDP port 500 is already in use by the "spoke" router's VPN tunnel (and we can't set up another one at the same time from within the same network, right?)

If anyone knows any ways to hack it so it works please let me know, though I doubt there are any.

Thanks for the screen space,


Ah, sorry, forgot to mention... NAT is involved as well, i.e. the WinXP client will always be NAT'ed (so this is the issue I guess).


Check out IPSEC profiles

Merv