XPost: comp.dcom.sys.cisco
From: suppa.lamah@libero.it
Tem, this could be the real thing. I didn't use a loopback either, although
I saw it used in Cisco router configurations regarding the same ISP's ADSL
connections, because I could not fully understand its mechanics, so I
decided to stick with the little knowledge I had and to configure my ADSL
with just an ATM0.1 sub-interface.
Could you please retrieve the example you cited and send me some references?
Thanks in advance.
Suppa Lamah
"TEM" ha scritto nel messaggio
news:H8qEb.173938$I53.6757801@twister.southeast.rr.com...
> I had a similar problem with a 837 to 804 VPN. The examples that I
followed
> did not include a loopback address on the responding router to bypass the
> NAT translation. If you are also using NAT for internet traffic, you have
to
> use a loopback interface with a "fake" ip and a route map to route
> interesting traffic away from the NAT. I found an example on cisco.com
>
>
> "Suppa Lamah" wrote in message
> news:6HhEb.9934$wM.695404@news1.tin.it...
> > I successfully (at least I thought so) created an IPSec connection
between
> > two 12.2 IOS Cisco 837-K9.
> >
> > I followed step-by-step several Cisco documents and FAQ, and I had,
after
> > several tries, the IsaKmp SAs up and running, and the traffic correctly
> > routed via NAT or thrown in the VPN tunnel.
> >
> > My PC clients on the separate, private networks (192.168.0.0 and
> > 192.168.1.0) are able to both navigate the Internet via NAT, and ping
the
> > hosts on the other side of the VPN connection. I also checked for known
> MTUs
> > problems, and I can use 15.000 bytes ICMP packets going in and out
without
> > losing any.
> >
> > What I cannot do is... anything else! :)
> >
> > I sees any connection requesting more than a given, short amout of
> resources
> > (cannot tell if a number of open ports is the issue, or, much more
> probable,
> > some timeout on TCP connections) just fails.
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
