I have an 871 Router that I am trying to setup a VPN but the Windows 2003 server on the network does the dhcp. At this point I get and error on authentication just trying to vpn - here is the config I hope someone can help. I have never had this problem before
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
!
resource policy
!
ip subnet-zero
ip cef
!
!
!
!
ip domain name xxx.com
ip name-server 216.x.x.x
ip name-server 216.x.x.x
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group xxxvpn
key xx2cisco
dns 192.168.0.1 216.x.x.x
domain d2b0411
netmask 255.255.255.0
!
!
crypto ipsec transform-set xxxvpn esp-3des esp-md5-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set peruvpn
reverse-route
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
interface FastEthernet4
description $ES_WAN$
ip address 216.x.x.x 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.0.220 192.168.0.225
ip classless
ip route 0.0.0.0 0.0.0.0 216.x.x.x
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static udp 192.168.0.1 3389 interface FastEthernet4 3389
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 192.168.0.220
access-list 100 deny ip any host 192.168.0.221
access-list 100 deny ip any host 192.168.0.222
access-list 100 deny ip any host 192.168.0.223
access-list 100 deny ip any host 192.168.0.224
access-list 100 deny ip any host 192.168.0.225
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
route-map SDM_RMAP_1 permit 1
match ip address 100
Thanks
Gabrielle