Trouble with IP address assignment

Unanswered Question
Sep 24th, 2008
User Badges:

have the following config and I can not get the client to pull an ip address

crypto pki trustpoint dc-ho1

enrollment mode ra

enrollment url

serial-number none


ip-address none

password xxx

subject-name O=EDT, OU=VPN, C=US, ST=Tx

revocation-check crl






crypto pki certificate map cert_map 10

subject-name co ou = vpn


crypto isakmp policy 1

encr 3des

crypto isakmp client configuration group VPN




pool hoedtvpn

acl 101



crypto isakmp profile VPN_client

ca trust-point dc-ho1

match certificate cert_map

client configuration address respond

client configuration group VPN

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map vpnclient 20

set transform-set ESP-3DES-SHA

crypto map vpnmap1 local-address GigabitEthernet0/1

crypto map vpnmap1 client configuration address respond

crypto map vpnmap1 20 ipsec-isakmp dynamic vpnclient

interface GigabitEthernet0/1

description External Interface

ip address 64.XX.XX.XXX

ip access-group 111 in

duplex auto

speed auto

media-type rj45

crypto map vpnmap1

ip local pool hoedtvpn

access-list 101 permit ip

access-list 111 remark SDM_ACL Category=17

access-list 111 remark Auto generated by SDM for NTP (123)

access-list 111 permit udp host eq ntp host 64.XX.xx.XXX eq ntp

access-list 111 permit udp any any eq isakmp

access-list 111 permit udp any any eq non500-isakmp

access-list 111 permit icmp any any

access-list 111 permit tcp any any eq 22

access-list 111 permit tcp any any eq telnet

access-list 111 permit gre any any

access-list 111 permit esp any any

access-list 111 permit tcp any any eq 10000

If I assign the pool directly under isakmp it will work but does not provide the other needed attributes, dns, wins ect.

when debug I get

Sep 23 14:48:24.090: ISAKMP:(7177):attributes sent in message:

Sep 23 14:48:24.090: Address:

Sep 23 14:48:24.090: ISAKMP:(7177):No IP address pool defined for ISAKMP!

Sep 23 14:48:24.090: ISAKMP:(7177):peer does not do paranoid keepalives.

Sep 23 14:48:24.090: ISAKMP:(7177):deleting SA reason "Fail to allocate ip address" state (R) CONF_ADDR (peer 24.XXX.XX.XX)

any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion