Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
298
Views
0
Helpful
1
Replies

Client VPN with 2811

jecker
Level 1
Level 1

‎05-29-2007 11:38 AM - edited ‎03-11-2019 03:22 AM

Hello,

I am trying to get a Cisco VPN client to connect to a 2811 router with the following config:

aaa new-model

!

!

aaa authentication login default local

aaa authentication login EZVPN group radius local

aaa authorization exec default local

aaa authorization network EZVPN local

!

aaa session-id common

!

ip inspect name CBAC tcp router-traffic

ip inspect name CBAC udp router-traffic

ip inspect name CBAC icmp router-traffic

!

!

!

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

group 2

!

crypto isakmp client configuration group EZVPN

key ***********

domain bisson.local

pool EZVPN

acl EZVPN

split-dns bisson.local

!

!

crypto ipsec transform-set EZVPN esp-aes esp-md5-hmac

!

crypto dynamic-map EZVPN 1

set transform-set EZVPN

reverse-route

!

!

crypto map EZVPN client authentication list EZVPN

crypto map EZVPN isakmp authorization list EZVPN

crypto map EZVPN client configuration address respond

crypto map EZVPN 1 ipsec-isakmp dynamic EZVPN

!

!

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0

description *** Connected to Internet ***

ip address x.x.x.x 255.255.255.248

ip nat outside

ip inspect CBAC out

ip virtual-reassembly

duplex auto

speed auto

crypto map EZVPN

!

ip local pool EZVPN 192.168.100.100 192.168.100.200

ip nat inside source list no_nat interface FastEthernet0/0 overload

!

ip access-list extended EZVPN

permit ip 10.150.1.0 0.0.0.255 192.168.100.0 0.0.0.255

!

I keep getting the following debug info:

29 19:15:23.161: ISAKMP:(0:1:SW:1):Total payload length: 12

*May 29 19:15:23.161: ISAKMP:(0:1:SW:1): sending packet to 24.97.162.243 my_port

500 peer_port 17474 (R) AG_INIT_EXCH

*May 29 19:15:23.161: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY

_REPLY

*May 29 19:15:23.161: ISAKMP:(0:1:SW:1):Old State = IKE_R_AM_AAA_AWAIT New Stat

e = IKE_R_AM2

biss01batr1#show crypto isakmp sa

dst src state conn-id slot status

66.152.204.123 24.97.162.243 AG_INIT_EXCH 1 0 ACTIVE

biss01batr1#

*May 29 19:15:28.045: ISAKMP (0:134217729): received packet from 24.97.162.243 d

port 500 sport 17474 Global (R) AG_INIT_EXCH

*May 29 19:15:28.045: ISAKMP:(0:1:SW:1): phase 1 packet is a duplicate of a prev

ious packet.

*May 29 19:15:28.045: ISAKMP:(0:1:SW:1): retransmitting due to retransmit phase

1

*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): retransmitting phase 1 AG_INIT_EXCH...

*May 29 19:15:28.545: ISAKMP (0:134217729): incrementing error counter on sa, at

tempt 1 of 5: retransmit phase 1

*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): retransmitting phase 1 AG_INIT_EXCH

biss01batr1#

*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): sending packet to 24.97.162.243 my_port

500 peer_port 17474 (R) AG_INIT_EXCH

Any ideas?

Labels:
0 Helpful
1 Reply 1

carenas123
Level 5
Level 5

‎06-04-2007 08:53 AM

Check this bug-id:CSCdt91068.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card