VPN Client and 1811

Answered Question
May 31st, 2007
I try to connect to my router Cisco 1811 with Cisco VPN Client 4.8 with rsa-sig (certificate). On Cisco VPN Client I receive a request for username and password. When I insert them, on the 1811 I receive this message on console:


%CRYPTO-6-VPN_TUNNEL_STATUS: Group: does not exist


My IOS config is:


aaa new-model
!
!
aaa authentication login VPNUSER local
aaa authorization network VPNUSER local
!
aaa session-id common
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1
!
ip dhcp pool sdm-pool
 import all
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
! crypto pki token default user-pin ******
crypto pki token default removal timeout 30
!
crypto pki trustpoint TP-self-signed-2095781077
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2095781077
 revocation-check none
 rsakeypair TP-self-signed-2095781077
!
crypto pki trustpoint CA_Server
 enrollment terminal
 serial-number none
 fqdn none
 ip-address none
 password
 subject-name O=5100, OU=Customs, CN=Router1
 revocation-check none
 rsakeypair SDM-RSAKey-1180596453000
!
!
crypto pki certificate chain TP-self-signed-2095781077
crypto pki certificate chain CA_Server
!
crypto isakmp policy 10
 encr 3des
 group 2
crypto isakmp identity dn
!
crypto isakmp client configuration group guest_group
 dns 10.1.1.3
 pool vpnpool
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set ESP-3DES-MD5
!
!
crypto map vpn_map client authentication list VPNUSER
crypto map vpn_map isakmp authorization list VPNUSER
crypto map vpn_map client configuration address initiate
crypto map vpn_map client configuration address respond
crypto map vpn_map 10 ipsec-isakmp dynamic dynmap
!


What can I do?

Overall Rating: 5 (1 ratings)
Correct Answer
ggilbert (Cisco Employee), Thu, 05/31/2007 - 08:53

What is the OU on the certificate that you have for the client?


Is it guest_group or something else?


Thanks

Gilbert
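
With rsa-sig authentication, an IOS Easy VPN server takes the client's group name from the OU field of the client certificate subject, which is why the OU matters here. The following Python check is an added example, not part of the thread: it compares a subject DN against the groups defined in the posted config. The client subjects are constructed samples, and the exact, case-sensitive comparison is an assumption.

```python
import re

# Relevant lines copied from the router config posted in the question.
IOS_CONFIG = """\
crypto isakmp identity dn
crypto isakmp client configuration group guest_group
 dns 10.1.1.3
 pool vpnpool
"""

GROUP_RE = re.compile(
    r"^\s*crypto isakmp client configuration group (\S+)\s*$", re.M)


def configured_groups(config):
    """Return the names of all Easy VPN client configuration groups."""
    return GROUP_RE.findall(config)


def parse_dn(subject):
    """Split a comma-separated subject DN into (ATTR, value) pairs.

    Commas escaped with a backslash stay inside the value.
    """
    pairs = []
    for part in re.split(r"(?<!\\),", subject):
        if "=" not in part:
            continue  # skip malformed or empty components
        attr, value = part.split("=", 1)
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs


def diagnose(subject, config):
    """Classify a client certificate subject against the router's groups."""
    groups = configured_groups(config)
    ous = [value for attr, value in parse_dn(subject) if attr == "OU"]
    if not ous:
        return "no-ou"      # certificate carries no OU to use as group name
    if any(ou in groups for ou in ous):
        return "match"      # OU names a group that exists on the router
    return "mismatch"       # OU present, but no such group is configured


if __name__ == "__main__":
    # Constructed client subjects, for illustration only.
    for dn in ("CN=client1, OU=guest_group, O=5100",
               "CN=client1, OU=Customs, O=5100",
               "CN=client1, O=5100"):
        print(f"{dn!r}: {diagnose(dn, IOS_CONFIG)}")
```
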
