This document describes how to configure a handheld computer and a Cisco IOS router for IPsec VPN connectivity. With VPN connectivity, the handheld computer can connect to intranet servers privately over the public Internet. The sample configuration presented in this document uses the Movian VPN client software application, the Cisco IOS Easy VPN Server, the iPAQ handheld computer at the remote end, and a Cisco 7200 as the server.
- The IP address at the Cisco Easy VPN Server is static.
- The IP address at the handheld computer is static or dynamic.
- All traffic, including Internet traffic, from the Easy VPN Client is forwarded to the hub.
- Traffic from the remote host is forwarded after applying Network Address Translation/Port Address Translation (NAT/PAT).
The information presented in this document was created from devices in a specific lab environment. All of the devices started with a cleared (default) configuration. If you are working in a live network, it is imperative to understand the potential impact of any command before implementing it.
The Cisco Easy VPN implements the Cisco Unity Client protocol, which simplifies configuring the detailed information on the client router because most VPN parameters are defined at the VPN remote access server. The server can be a dedicated VPN device, such as a VPN 3000 concentrator or a Cisco PIX Firewall, or a Cisco IOS router that supports the Cisco Unity Client protocol. The sample configuration uses the Cisco 1751 for the Easy VPN Server.
This sample configuration uses client mode with the Movian VPN Client. In client mode, the entire Movian VPN client address undergoes NAT to the mode config IP address that the Easy VPN Server provides.
The Movian VPN Client forwards the Internet traffic to the Easy VPN Server. Direct access to the Cisco 806 Easy VPN Client by traffic other than the encrypted traffic from the Easy VPN Server is denied. An alternative configuration of the Cisco Easy VPN Server called split tunneling forwards the Internet traffic directly without encryption.
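The difference between the full-tunnel behavior described above and split tunneling comes down to one line in the server's client group. The following is an added sketch, not the configuration from the original document; the group names, pool range, ACL number, interface, key placeholder, and transform choices are all assumptions.

```cisco
! Added example: every name, address and the key below is a constructed placeholder.
aaa new-model
aaa authorization network VPN-GROUPS local
!
! Pool that supplies the mode config IP address used in client mode.
ip local pool MOVIAN-POOL 192.168.100.1 192.168.100.50
!
! Phase 1 policy (assumed values; use the strongest set the client supports).
crypto isakmp policy 10
 encryption 3des
 authentication pre-share
 group 2
!
! Full tunnel: no "acl" line in the group, so the client sends all
! traffic, Internet traffic included, to the Easy VPN Server.
crypto isakmp client configuration group MOVIAN-FULL
 key <group-pre-shared-key>
 pool MOVIAN-POOL
!
! Split tunnel: "acl" names the networks to encrypt. Anything else
! leaves the client directly, unencrypted and outside hub inspection.
crypto isakmp client configuration group MOVIAN-SPLIT
 key <group-pre-shared-key>
 pool MOVIAN-POOL
 acl 150
!
access-list 150 permit ip 10.0.0.0 0.255.255.255 any
!
! Phase 2 transform and dynamic map for clients with unknown addresses.
crypto ipsec transform-set MOVIAN-SET esp-3des esp-sha-hmac
crypto dynamic-map MOVIAN-DYN 10
 set transform-set MOVIAN-SET
!
crypto map MOVIAN-MAP isakmp authorization list VPN-GROUPS
crypto map MOVIAN-MAP client configuration address respond
crypto map MOVIAN-MAP 10 ipsec-isakmp dynamic MOVIAN-DYN
!
! Outside interface (assumed name).
interface FastEthernet0/0
 crypto map MOVIAN-MAP
```

Only the group whose name the client presents is applied, so auditing which groups carry an `acl` line shows which clients can reach the Internet without passing through the hub.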
For additional information about configuring Easy VPN Server, refer to the Cisco IOS Easy VPN Server feature.
Step 1. Log in to the Hub router.
Step 2. Using the Movian tools menu, ping www.cisco.com and other intranet hosts.
Step 3. Using Internet Explorer, connect to the intranet and Internet servers.
Step 4. Make sure to reload the web page to avoid redisplay from the cache memory.
Note: Before issuing debug commands, see Important Information about Debug Commands.
- debug crypto isakmp—Displays errors during Phase 1.
- debug crypto ipsec—Displays errors during Phase 2.
- debug crypto engine—Displays information from the crypto engine.
- debug ip your routing protocol—Displays information about routing transactions of your routing protocol.
- clear crypto connection connection-id [slot | rsm | vip]—Terminates an encrypted session currently in progress. Encrypted sessions normally terminate when the session times out. Use the show crypto cisco connections command to see the connection-id value.
- clear crypto isakmp—Clears the Phase 1 security associations.
- clear crypto sa—Clears the Phase 2 security associations.