Client VPN with 2811

Hello,

I am trying to get a Cisco VPN client to connect to a 2811 router with the following config:

aaa new-model
!
!
aaa authentication login default local
aaa authentication login EZVPN group radius local
aaa authorization exec default local
aaa authorization network EZVPN local
!
aaa session-id common
!
ip inspect name CBAC tcp router-traffic
ip inspect name CBAC udp router-traffic
ip inspect name CBAC icmp router-traffic
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group EZVPN
 key ***********
 domain bisson.local
 pool EZVPN
 acl EZVPN
 split-dns bisson.local
!
!
crypto ipsec transform-set EZVPN esp-aes esp-md5-hmac
!
crypto dynamic-map EZVPN 1
 set transform-set EZVPN
 reverse-route
!
!
crypto map EZVPN client authentication list EZVPN
crypto map EZVPN isakmp authorization list EZVPN
crypto map EZVPN client configuration address respond
crypto map EZVPN 1 ipsec-isakmp dynamic EZVPN
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 description *** Connected to Internet ***
 ip address x.x.x.x 255.255.255.248
 ip nat outside
 ip inspect CBAC out
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map EZVPN
!
ip local pool EZVPN 192.168.100.100 192.168.100.200
ip nat inside source list no_nat interface FastEthernet0/0 overload
!
ip access-list extended EZVPN
 permit ip 10.150.1.0 0.0.0.255 192.168.100.0 0.0.0.255
!

I keep getting the following debug info:

29 19:15:23.161: ISAKMP:(0:1:SW:1):Total payload length: 12
*May 29 19:15:23.161: ISAKMP:(0:1:SW:1): sending packet to 24.97.162.243 my_port 500 peer_port 17474 (R) AG_INIT_EXCH
*May 29 19:15:23.161: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
*May 29 19:15:23.161: ISAKMP:(0:1:SW:1):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2
biss01batr1#show crypto isakmp sa
dst             src             state          conn-id slot status
66.152.204.123  24.97.162.243   AG_INIT_EXCH         1    0 ACTIVE
biss01batr1#
*May 29 19:15:28.045: ISAKMP (0:134217729): received packet from 24.97.162.243 dport 500 sport 17474 Global (R) AG_INIT_EXCH
*May 29 19:15:28.045: ISAKMP:(0:1:SW:1): phase 1 packet is a duplicate of a previous packet.
*May 29 19:15:28.045: ISAKMP:(0:1:SW:1): retransmitting due to retransmit phase 1
*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): retransmitting phase 1 AG_INIT_EXCH...
*May 29 19:15:28.545: ISAKMP (0:134217729): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): retransmitting phase 1 AG_INIT_EXCH
biss01batr1#
*May 29 19:15:28.545: ISAKMP:(0:1:SW:1): sending packet to 24.97.162.243 my_port 500 peer_port 17474 (R) AG_INIT_EXCH

Any ideas?


Re: Client VPN with 2811

Check this bug-id: CSCdt91068.
