Networking Issues over Cisco IOS Tunnel

Hi all,

I've configured an IPsec tunnel to the us-midwest server (104.207.136.116) on my Cisco 1921 router. The tunnel itself is working fine, but when I try to route my traffic over it, it seems that many pages don't load and I get connection resets and timeouts. I also can't establish an RDP session to a server that I regularly access (I've verified I'm not being blocked by an ACL/firewall rule). I can ping and certain pages such as YouTube and Google load fine. Amazon loaded but was broken. I'm just wondering if you have any ideas for me to try on my end, or if this is something others have seen as well.

Here is my config:

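! IKE phase 1 policy: AES-256, pre-shared key authentication, DH group 5
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5

! Pre-shared key used with the VPN peer
crypto isakmp key mysafety address 104.207.136.116

! Crypto map: ties the peer, the transform set and the interesting-traffic ACL together
crypto map PIA_VPN 10 ipsec-isakmp
 set peer 104.207.136.116
 set transform-set ESP-AES256-SHA1
 match address PIA_MIDWEST_US

! IPsec phase 2: ESP with AES-256 and SHA-1 HMAC, transport mode (L2TP over IPsec)
crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
 mode transport

! Only L2TP (UDP 1701) between the router's public address and the peer is encrypted
ip access-list extended PIA_MIDWEST_US
 permit udp host 63.230.xx.xx eq 1701 host 104.207.136.116 eq 1701

! Apply the crypto map to the WAN (dialer) interface
interface dial1
 crypto map PIA_VPN

! L2TPv2 pseudowire sourced from the dialer interface
pseudowire-class PIA_L2TP
 encapsulation l2tpv2
 ip local interface dial1


! PPP session carried over the L2TP pseudowire; address is assigned by the peer
interface Virtual-PPP10
 description ---Tunnel to PIA MIDWEST US---
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 ppp eap refuse
 ppp chap hostname xxxxxx
 ppp chap password 0 xxxxxx
 ppp ipcp address accept
 no cdp enable
 pseudowire 104.207.136.116 1 pw-class PIA_L2TP

! Host route to the peer via the dialer, so tunnel packets do not follow the default route
ip route 104.207.136.116 255.255.255.255 di1

! PAT for hosts matched by access list NAT (not shown in this post) out of the tunnel interface
ip nat inside source list NAT interface virtual-ppp10 overload

! Default route: send all other traffic through the tunnel
ip route 0.0.0.0 0.0.0.0 virtual-ppp10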

---END---

This config is based off the freeccnaworkbook.com entry on this.  Here is the link if anyone would like more details:

The only other thing I haven't tried in the meantime that I can think of is to try a different server.

Any help is appreciated.

Comments

  • Update - I configured my router to peer with the Florida server and got the same result.
  • Anyone? Since my last post, I've verified the IP isn't on any blacklists that I could find and verified DNS resolution is working.  I'm not quite sure what else to try.
  • I am having the same issue. Did you ever get this working? I am using a Cisco 3825, Version 15.1(4)M12a and no luck.