Easy VPN Server - 7609

Unanswered Question
Mar 10th, 2009
User Badges:
  • Bronze, 100 points or more

Hy,


The client has this Cisco 7609, with the following configuration (don't laugh about it):

Gi 3/1

ip address 172.16.0.1

ip nat inside

then there are two subinterfaces defined each of them from the two ISP

Gi 3/1.201

encapsulation dot1Q 201

ip address ISP_1_GW

Gi 3/1.202

encapsulation dot1Q 202

ip address ISP_2_GW


and other two subinterfaces each of them with the BGP subclass the client bought for use

Gi 3/1.101

encapsulation dot1Q 101

ip address BGP_subclass_1

Gi 3/1.102

encapsulation dot1Q 102

ip address BGP_subclass_2


I need to configure an Easy VPN Server so that stations from everywhere with Cisco VPN Client reach Cisco and take a public IP (it's up to me what IP) they just have to reach another resource with this IP, as that firewall permit access only from this IP.


The trouble is that, if want to define virtual interface and assign it to a crypto isakmp profile I can't. Because the command it's missing:

Cisco-7609(conf-isa-prof)#?


Crypto ISAKMP Profile Commands are:



accounting Enable AAA Accounting for IPSec Sessions


ca Specify certificate authorities to trust


client Specify client configuration settings


default Set a command to its defaults


description Specify a description of this profile


exit Exit from crypto isakmp profile sub mode


initiate Initiator property


isakmp ISAKMP Authorization command


keepalive Set a keepalive interval for use with IOS peers


keyring Specify keyring to use


local-address Interface to use for local address for this isakmp profile


match Match values of peer


no Negate a command or set its defaults


qos-group Apply a Qos policy class map for this profile


self-identity Specify Identity to use


vrf Spcify the VRF it is related to


The equipment is running:

Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB2, RELEASE SOFTWARE (fc1)


Upset of that I tried an old fashion method with a crypto map configuration I attached it. Then I keep receiving this message from the Cisco VPN Client:

Reason 412: The remote peer is no longer responding.

And here's an explanation: http://www.chicagotech.net/vpnissues/ciscoerror12.htm

But I have full connectivity with this IP as I tried one hop away from it.


SDM s not running on this model, so I m out of options.


Thanks in advance,

Florin.






Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion