This is the first time for me to work with Cisco Router.
The below mentioned is my configuration where
Cisco Srv is Cisco 7200 Series Router
XYZ is one VPN Server running on Linux.
RAC is the Remote Access VPN Client
| RAC |-----> | XYZ | ===== | Cisco Srv |
I managed to get RAC configuration from Cisco Product Summary guide.
For the dynamic site-to-site i went through the document to figure out
I have combined these configuration into one and applied them on the Cisco Srv.
I can individually create a tunnel between Cisco Srv and RAC also between Cisco Srv and XYZ with this configuration mentioned below.
But when the tunnel between Cisco Srv and XYZ is established, i can't create a tunnel with RAC from Cisco Srv.
The RAC to Cisco Srv tunnel is broken when the XYZ to Cisco Srv tunnel is established.
But i could see the iskamp packets are received by the cisco srv. But it is not acknowledging that.
Please let me know where i went wrong.
Thanks in advance.
The configuration for the Cisco Srv: no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption service internal ! hostname Cisco7200 ! aaa new-model ! ! aaa authorization network hw-client-groupname local aaa session-id common enable password cisco ! memory-size iomem 16 clock timezone - 0 6 ip subnet-zero no ip source-route ! ! ip domain-name cisco.com ! ip audit notify log ip audit po max-events 100 ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp client configuration address-pool local dynpool ! crypto isakmp client configuration group hw-client-groupname key hw-client-password dns 22.214.171.124 126.96.36.199 wins 188.8.131.52 184.108.40.206 domain cisco.com pool dynpool crypto isakm profile VPNclient description VPN clients profile match identity group hw-client-groupname isakmp authorization list hw-client-groupname client configuration address respond crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac crypto dynamic-map vpnclient 1 set transform-set transform-1 set isakmp-profile VPNclient reverse-route ! crypto isakmp policy 10 encr aes 256 hash sha authentication pre-share group 2 crypto isakmp key somestrongkey address 0.0.0.0 0.0.0.0 crypto ipsec transform-set ts esp-aes 256 esp-sha-hmac ip access-list extended vpn deny ip 192.168.1.22 255.255.255.255 220.127.116.11 255.255.255.0 permit ip 192.168.1.22 255.255.255.225 any crypto dynamic-map vpndynamic 10 set transform-set ts match address vpn reverse-route crypto map dynmap 1 ipsec-isakmp dynamic vpnclient crypto map dynmap 10 ipsec-isakmp dynamic vpndynamic interface FastEthernet1/0 ip addr 192.168.1.22 255.255.255.0 no shutdown crypto map dynmap no cdp enable ! interface f1/1 description connected to HQ LAN ip address 18.104.22.168 255.255.255.0 no shutdown speed auto no cdp enable ! ip local pool dynpool 22.214.171.124 126.96.36.199 ip classless ip route 188.8.131.52 255.255.255.0 192.168.1.2 no ip http server ip pim bidir-enable ! ! no cdp run ! line con 0 line aux 0 line vty 0 4 password cisco ! end