03-10-2009 09:04 AM
Hi,
The client has this Cisco 7609, with the following configuration (don't laugh about it):
Gi 3/1
ip address 172.16.0.1
ip nat inside
Then there are two subinterfaces defined, one from each of the two ISPs:
Gi 3/1.201
encapsulation dot1Q 201
ip address ISP_1_GW
Gi 3/1.202
encapsulation dot1Q 202
ip address ISP_2_GW
And two other subinterfaces, each of them with the BGP subclass the client bought for use:
Gi 3/1.101
encapsulation dot1Q 101
ip address BGP_subclass_1
Gi 3/1.102
encapsulation dot1Q 102
ip address BGP_subclass_2
I need to configure an Easy VPN Server so that stations from everywhere with Cisco VPN Client reach the Cisco and take a public IP (it's up to me what IP); they just have to reach another resource with this IP, as that firewall permits access only from this IP.
The trouble is that if I want to define a virtual interface and assign it to a crypto isakmp profile, I can't, because the command is missing:
Cisco-7609(conf-isa-prof)#?
Crypto ISAKMP Profile Commands are:
  accounting     Enable AAA Accounting for IPSec Sessions
  ca             Specify certificate authorities to trust
  client         Specify client configuration settings
  default        Set a command to its defaults
  description    Specify a description of this profile
  exit           Exit from crypto isakmp profile sub mode
  initiate       Initiator property
  isakmp         ISAKMP Authorization command
  keepalive      Set a keepalive interval for use with IOS peers
  keyring        Specify keyring to use
  local-address  Interface to use for local address for this isakmp profile
  match          Match values of peer
  no             Negate a command or set its defaults
  qos-group      Apply a Qos policy class map for this profile
  self-identity  Specify Identity to use
  vrf            Spcify the VRF it is related to
The equipment is running:
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB2, RELEASE SOFTWARE (fc1)
Upset by that, I tried an old-fashioned method with a crypto map configuration; I attached it. Then I keep receiving this message from the Cisco VPN Client:
Reason 412: The remote peer is no longer responding.
And here's an explanation: http://www.chicagotech.net/vpnissues/ciscoerror12.htm
But I have full connectivity with this IP as I tried one hop away from it.
SDM is not running on this model, so I'm out of options.
Thanks in advance,
Florin.
03-16-2009 04:02 PM
Verifying Easy VPN Server
To verify your configurations for this feature, perform the following steps.
SUMMARY STEPS
1. enable
2. show crypto map [interface interface | tag map-name]
For further information click this link.
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftunity.html#wp1192045