Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
269
Views
0
Helpful
3
Replies

site to Client VPN connection

ntmanjunath
Level 1
Level 1

‎02-18-2009 04:07 AM

Hi,

Am unable to connect to VPN gateway through VPN Client.The configuration is as follows.

username manju password 0 cisco

!

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

!

crypto isakmp client configuration group vpnclient

key airtel@123

domain netsol.com

pool ippool

acl splitremote

!

!

crypto ipsec transform-set myairtel ah-md5-hmac esp-3des

!

crypto dynamic-map dynmap 10

set transform-set myairtel

reverse-route

!

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

!

!

!

interface Loopback0

ip address 10.11.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Loopback1

ip address 172.16.10.1 255.255.255.0

!

interface Loopback2

ip address 172.16.20.1 255.255.255.0

!

interface Loopback3

ip address 172.16.30.1 255.255.255.0

!

interface Loopback4

ip address 172.16.40.1 255.255.255.0

!

interface Loopback5

ip address 172.16.50.1 255.255.255.0

!

interface FastEthernet0/0

ip address 10.97.37.252 255.255.255.0

ip nat outside

ip virtual-reassembly

speed auto

full-duplex

no mop enabled

crypto map clientmap

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 10.97.38.1 255.255.255.0

!

interface Serial0/0/0

description PE40-AIRTEL-NOC [10.20.30.2/29]

ip address 172.26.16.14 255.255.255.0

clock rate 2000000

!

interface Serial0/0/1

ip address 20.20.20.1 255.255.255.0

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 20.20.20.2 100 broadcast

frame-relay lmi-type ansi

!

interface Serial0/1/0

ip address 172.26.16.14 255.255.255.0

!

interface Serial0/1/1

ip address 192.168.10.1 255.255.255.0

!

router eigrp 10

redistribute static

network 10.0.0.0

network 172.16.0.0

network 172.26.0.0

network 192.168.10.0

no auto-summary

!

ip local pool ippool 192.168.1.1 192.168.1.2

ip route 0.0.0.0 0.0.0.0 10.97.37.254

!

!

Labels:
Preview file
2305 KB
0 Helpful
3 Replies 3

Ivan Martinon
Level 7
Level 7

‎02-18-2009 01:08 PM

Can you get the debug crypto isakmp from your router when you are trying to connect?

0 Helpful

ntmanjunath
Level 1
Level 1
In response to Ivan Martinon

‎02-18-2009 10:51 PM

Hi,

Please find the attached debug information as requested.

Preview file
10 KB
0 Helpful

Ivan Martinon
Level 7
Level 7
In response to ntmanjunath

‎02-19-2009 07:55 AM

Ok I see what you are missing, try to change the DH group of the isakmp policy to 2 instead of 1 which is what you have right now:

crypto isakmp policy 1

encr 3des

authentication pre-share

it should look like this:

crypto isakmp policy 1

encr 3des

group 2

authentication pre-share

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents