07-05-2008 02:09 PM - edited 02-21-2020 03:48 PM
i configured vpn on this 877 router through cisco sdm but i still cannot vpn
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pk
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 xxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PCTime 5
!
crypto pki trustpoint TP-self-signed-2761353319
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2761353319
revocation-check none
rsakeypair TP-self-signed-2761353319
!
!
crypto pki certificate chain TP-self-signed-2761353319
certificate self-signed 01
xxxxxxxx xxxxxxx
quit
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server xxxxxxxxxxxx xxxxxxxxxxxxxx
default-router 192.168.0.1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
!
!
!
username xx
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Chapal
key xxxxxxxx
crypto isakmp profile sdm-ike-profile-1
match identity group Chapal
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/103
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
07-06-2008 10:53 AM
Is it a site to site or remote VPN
Have you run a debug on the router and the client VPN
07-06-2008 11:53 AM
remote vpn server.......no havent run the debug but the client says initiating and then its not responding
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide