|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
Guest
|
 Posted: Wed Apr 19, 2006 12:09 pm Post subject: Problems with IP-SEC VPN through SOHO-96 ADSL router |
 |
|
Hello,
I have the following wish, I want to connect at home from my lan to my
employers network. My employer has a Cisco VPN concentrator that works
fine. First I had a speedtouch ADSL router no problem just connect with
Freeswan VPN to the Cisco and it just worked.
A week ago I replaced the Speedtouch with a Cisco SOHO 96 ADSL
modem/router. I configured it and it worked, at least I thought it did.
I discovered that I couldn't create A VPN tunnel through that modem.
That means I can create a connection but when I actually want to do
something through the tunnel I get the following lines into the console
of my SOHO:
1w2d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has
invalid spi for destaddr=<my local IP>, prot=50,
spi=0x9442D3CB(-1807559733), srcaddr=<my employers IP>
First I had some access-list issues but that I already solved (I can do
a little bit by myself :-) )
Someone any idea what goes wrong and what the solution is, other than
switching back to my Speedtouch.
CU
Roel |
|
| Back to top |
|
 |
|
|
Roel Villerius
Guest
|
| Posted: Wed Apr 19, 2006 9:17 pm Post subject: Re: Problems with IP-SEC VPN through SOHO-96 ADSL router |
|
|
Hello,
I found the solution already.
I have to tell my Cisco explicit that I have a IPSEC tunnel. This I have
done with the following commands:
ip nat inside source static esp <local client IP> interface Dialer1
ip nat inside source static udp <local client IP> 500 interface Dialer1
500
That was the trick for me.
CU
Roel
On Wed, 19 Apr 2006 01:09:43 -0700, r.villerius wrote:
| Quote: | Hello,
I have the following wish, I want to connect at home from my lan to my
employers network. My employer has a Cisco VPN concentrator that works
fine. First I had a speedtouch ADSL router no problem just connect with
Freeswan VPN to the Cisco and it just worked.
A week ago I replaced the Speedtouch with a Cisco SOHO 96 ADSL
modem/router. I configured it and it worked, at least I thought it did.
I discovered that I couldn't create A VPN tunnel through that modem.
That means I can create a connection but when I actually want to do
something through the tunnel I get the following lines into the console
of my SOHO:
1w2d: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has
invalid spi for destaddr=<my local IP>, prot=50,
spi=0x9442D3CB(-1807559733), srcaddr=<my employers IP
First I had some access-list issues but that I already solved (I can do
a little bit by myself :-) )
Someone any idea what goes wrong and what the solution is, other than
switching back to my Speedtouch.
CU
Roel |
|
|
| Back to top |
|
|
|
|
