Not so easy VPN...

Unanswered Question
Oct 21st, 2007

I've got a pair of 2611XM's that are running as internet routers at two branch offices. They're both performing pppoe negotiation over a fast eth/dial interface. The dialer interface is ip nat outside. The other fast eth interface is running with private LAN addresses and ip nat inside.

One of these branch offices has remote workers that connect using the VPN client which gives them a local LAN ip address etc. This worked great, first time around for a change. However, my intent was to configure the remote branch router to VPN into the Easy VPN Server as well. I haven't been able to get it to work and was wondering if anyone could help!

Outputs from debug show that Phase 2 is failing.

<10.1.1.0/24>-2611XM-<Internet>-2611XM-<192.168.2.0/24>

Server side config

username user priv 15 pass <password>
crypto isakmp client configuration group REMOTE_LOGIN
 key 6 <key>
 dns 10.1.1.1
 pool VPN_POOL
 acl SPLIT_TUNNEL
 save-password
 include-local-lan
 pfs
 max-users 20
 max-logins 2
 netmask 255.255.255.0
 banner ^CConnection Secured^C
!
crypto isakmp profile ISAKMP_PROFILE
 match identity group REMOTE_LOGIN
 client authentication list LOCAL_AUTH
 isakmp authorization list NETWORK_AUTH
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set VPN esp-aes esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
 set security-association idle-time 3600
 set transform-set VPN
 set isakmp-profile ISAKMP_PROFILE
!
interface FastEthernet0/0
 description LAN Interface
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description Connection to ADSL Modem
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 ip nat inside
 ip virtual-reassembly
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
interface Dialer1
 bandwidth 14000
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 ip tcp adjust-mss 1400
 dialer pool 1
 dialer idle-timeout 0
 no cdp enable
 ppp authentication chap callin
 ppp pap sent-username <username> password 7 <password>
!
ip local pool VPN_POOL 10.1.1.100 10.1.1.120
!
access-list SPLIT_TUNNEL permit ip 10.1.1.0 0.0.0.255 any

Remote side config

crypto ipsec client ezvpn remote
 connect manual
 group REMOTE_LOGIN key 6 <key>
 mode client
 peer <hostname>
 username user password 6 <password>
 xauth userid mode local

Any help would be greatly appreciated!
