Easy VPN Server - 7609

Unanswered Question
Mar 10th, 2009

Hy,

The client has this Cisco 7609, with the following configuration (don't laugh about it):

Gi 3/1

ip address 172.16.0.1

ip nat inside

then there are two subinterfaces defined each of them from the two ISP

Gi 3/1.201

encapsulation dot1Q 201

ip address ISP_1_GW

Gi 3/1.202

encapsulation dot1Q 202

ip address ISP_2_GW

and other two subinterfaces each of them with the BGP subclass the client bought for use

Gi 3/1.101

encapsulation dot1Q 101

ip address BGP_subclass_1

Gi 3/1.102

encapsulation dot1Q 102

ip address BGP_subclass_2

I need to configure an Easy VPN Server so that stations from everywhere with Cisco VPN Client reach Cisco and take a public IP (it's up to me what IP) they just have to reach another resource with this IP, as that firewall permit access only from this IP.

The trouble is that, if want to define virtual interface and assign it to a crypto isakmp profile I can't. Because the command it's missing:

Cisco-7609(conf-isa-prof)#?

Crypto ISAKMP Profile Commands are:

accounting Enable AAA Accounting for IPSec Sessions

ca Specify certificate authorities to trust

client Specify client configuration settings

default Set a command to its defaults

description Specify a description of this profile

exit Exit from crypto isakmp profile sub mode

initiate Initiator property

isakmp ISAKMP Authorization command

keepalive Set a keepalive interval for use with IOS peers

keyring Specify keyring to use

local-address Interface to use for local address for this isakmp profile

match Match values of peer

no Negate a command or set its defaults

qos-group Apply a Qos policy class map for this profile

self-identity Specify Identity to use

vrf Spcify the VRF it is related to

The equipment is running:

Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB2, RELEASE SOFTWARE (fc1)

Upset of that I tried an old fashion method with a crypto map configuration I attached it. Then I keep receiving this message from the Cisco VPN Client:

Reason 412: The remote peer is no longer responding.

And here's an explanation: http://www.chicagotech.net/vpnissues/ciscoerror12.htm

But I have full connectivity with this IP as I tried one hop away from it.

SDM s not running on this model, so I m out of options.

Thanks in advance,

Florin.

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion