Trouble with IP address assignment

Unanswered Question
Sep 24th, 2008

I have the following config and I cannot get the client to pull an IP address:

crypto pki trustpoint dc-ho1
 enrollment mode ra
 enrollment url http://10.10.20.2:80/certsrv/mscep/mscep.dll
 serial-number none
 fqdn HOEDTVPN.edt.net
 ip-address none
 password xxx
 subject-name O=EDT, OU=VPN, C=US, ST=Tx
 revocation-check crl
 rsakeypair HOEDTVPN.edt.net
 auto-enroll
!
!
!
crypto pki certificate map cert_map 10
 subject-name co ou = vpn
!
crypto isakmp policy 1
 encr 3des
crypto isakmp client configuration group VPN
 dns 10.10.20.2
 wins 10.10.20.2
 domain edg.net
 pool hoedtvpn
 acl 101
 netmask 255.255.255.128
!
crypto isakmp profile VPN_client
 ca trust-point dc-ho1
 match certificate cert_map
 client configuration address respond
 client configuration group VPN
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map vpnclient 20
 set transform-set ESP-3DES-SHA
crypto map vpnmap1 local-address GigabitEthernet0/1
crypto map vpnmap1 client configuration address respond
crypto map vpnmap1 20 ipsec-isakmp dynamic vpnclient
interface GigabitEthernet0/1
 description External Interface
 ip address 64.XX.XX.XXX 255.255.255.248
 ip access-group 111 in
 duplex auto
 speed auto
 media-type rj45
 crypto map vpnmap1
ip local pool hoedtvpn 10.20.90.1 10.20.90.126
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.20.90.0 0.0.0.127
access-list 111 remark SDM_ACL Category=17
access-list 111 remark Auto generated by SDM for NTP (123) 10.10.20.2
access-list 111 permit udp host 10.10.20.2 eq ntp host 64.XX.xx.XXX eq ntp
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit icmp any any
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq telnet
access-list 111 permit gre any any
access-list 111 permit esp any any
access-list 111 permit tcp any any eq 10000

If I assign the pool directly under isakmp it will work, but it does not provide the other needed attributes: dns, wins, etc.

When I debug, I get:

Sep 23 14:48:24.090: ISAKMP:(7177):attributes sent in message:
Sep 23 14:48:24.090: Address: 0.2.0.0
Sep 23 14:48:24.090: ISAKMP:(7177):No IP address pool defined for ISAKMP!
Sep 23 14:48:24.090: ISAKMP:(7177):peer does not do paranoid keepalives.
Sep 23 14:48:24.090: ISAKMP:(7177):deleting SA reason "Fail to allocate ip address" state (R) CONF_ADDR (peer 24.XXX.XX.XX)

Any ideas?
