05-29-2007 11:38 AM - edited 03-11-2019 03:22 AM
Hello,
I am trying to get a Cisco VPN client to connect to a 2811 router with the following config:
aaa new-model
!
!
aaa authentication login default local
aaa authentication login EZVPN group radius local
aaa authorization exec default local
aaa authorization network EZVPN local
!
aaa session-id common
!
ip inspect name CBAC tcp router-traffic
ip inspect name CBAC udp router-traffic
ip inspect name CBAC icmp router-traffic
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group EZVPN
 key ***********
 domain bisson.local
 pool EZVPN
 acl EZVPN
 split-dns bisson.local
!
!
crypto ipsec transform-set EZVPN esp-aes esp-md5-hmac
!
crypto dynamic-map EZVPN 1
 set transform-set EZVPN
 reverse-route
!
!
crypto map EZVPN client authentication list EZVPN
crypto map EZVPN isakmp authorization list EZVPN
crypto map EZVPN client configuration address respond
crypto map EZVPN 1 ipsec-isakmp dynamic EZVPN
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 description *** Connected to Internet ***
 ip address x.x.x.x 255.255.255.248
 ip nat outside
 ip inspect CBAC out
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map EZVPN
!
ip local pool EZVPN 192.168.100.100 192.168.100.200
ip nat inside source list no_nat interface FastEthernet0/0 overload
!
ip access-list extended EZVPN
 permit ip 10.150.1.0 0.0.0.255 192.168.100.0 0.0.0.255
!
I keep getting the following debug info:
29 19:15:23.161: ISAKMP:(0:1:SW:1):Total payload length: 12
*May 29 19:15:23.161: ISAKMP:(0:1:SW:1): sending packet to 24.97.162.243 my_port 500 peer_port 17474 (R) AG_INIT_EXCH
*May 29 19:15:23.161: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
*May 29 19:15:23.161: ISAKMP:(0:1:SW:1):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2
biss01batr1#show crypto isakmp sa
dst src state conn-id slot status
66.152.204.123 24.97.162.243 AG_INIT_EXCH 1 0 ACTIVE
biss01batr1#
*May 29 19:15:28.045: ISAKMP (0:134217729): received packet from 24.97.162.243 dport 500 sport 17474 Global (R) AG_INIT_EXCH
*May 29 19:15:28.045: ISAKMP:(0:1:SW:1): phase 1 packet is a duplicate of a previous packet.
*May 29 19:15:28.045: ISAKMP:(0:1:SW:1): retransmitting due to retransmit phase 1
*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): retransmitting phase 1 AG_INIT_EXCH...
*May 29 19:15:28.545: ISAKMP (0:134217729): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): retransmitting phase 1 AG_INIT_EXCH
biss01batr1#
*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): sending packet to 24.97.162.243 my_port 500 peer_port 17474 (R) AG_INIT_EXCH
Any ideas?
06-04-2007 08:53 AM
Check this bug ID: CSCdt91068.