1721 router and Vpn client 1.1 problem

sudhakar.joseph
Level 1

I have a 1720 router with an outside public IP address to connect to the ISP, and I got a range of public IP addresses for the inside interfaces. The 1721 has the IP/FW/IPsec 3DES bundle and a crypto card. I am configuring the router so that VPN client 1.1 should connect to it through dialup.

The configuration is like this

----------------------------------------
crypto isakmp policy 10
 encr 3des
 authentication pre-share
crypto isakmp key xxxxxx address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local test-pool
!
!
crypto ipsec transform-set test-tranfer esp-3des esp-sha-hmac
!
crypto dynamic-map test-dynamic 10
 set transform-set test-tranfer
!
!
crypto map test client configuration address initiate
crypto map test client configuration address respond
crypto map test 10 ipsec-isakmp dynamic test-dynamic
!!
interface FastEthernet0
 ip address 213.x.x.x 255.255.255.x
 speed auto
!
interface Serial0
 description connected to etisalat
 ip address 194.x.x.x 255.255.255.x
 crypto map test
!
ip local pool test-pool 213.42.x.1 213.42.x.100
ip classless
ip subnet-zero
ip route 0.0.0.0 0.0.0.0 194.x.x.x
no ip http server
ip http port 8080
ip pim bidir-enable
!
--------------------------

When I try to ping the outside interface of the router from a PC that has the VPN client (1.1) installed, and I give the debug crypto engine command on the router, it says "packet lost due to missing cryptomap".

Can anybody tell me where I am wrong? What extra configuration do I need?

Any help would be highly appreciated.

Tanweer

4 Replies

adushey
Level 1

What happens when you ping the internal interface or internal servers? Is the pool of addresses on the same subnet as the internal interface?

Since I can't ping the outside interface of the router, I can't ping the inside either. Moreover, the pool of IP addresses I took is from the same class, but of course a different subnet.

Any help will be highly appreciated.

Are these protocols enabled on the outside interface? Enable and check.

AH=51/ESP=50/ISAKMP=500

chlovell
Level 1

Change the local pool to be something that is nowhere on your network, like 10.1.1.1-254.
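The pool question raised in the replies above can be checked mechanically. This is an added example, not code from the thread: it parses an IOS-style configuration and reports any `ip local pool` range that intersects a subnet configured on an interface. The sample configuration is constructed with documentation addresses (the thread's own addresses are masked), and the function names and the `safe-pool` entry are hypothetical.

```python
import ipaddress
import re

# Constructed sample (documentation ranges), not the poster's real addresses.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 198.51.100.1 255.255.255.0
!
interface Serial0
 ip address 192.0.2.2 255.255.255.252
 crypto map test
!
ip local pool test-pool 198.51.100.50 198.51.100.100
ip local pool safe-pool 10.1.1.1 10.1.1.254
"""

def interface_networks(config):
    """Return {interface name: IPv4Network} for every statically addressed interface."""
    nets, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+ip address\s+(\S+)\s+(\S+)", line)
        if m and current:
            nets[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return nets

def local_pools(config):
    """Return {pool name: (first address, last address)} from 'ip local pool' lines."""
    pools = {}
    for m in re.finditer(r"^ip local pool\s+(\S+)\s+(\S+)\s+(\S+)", config, re.M):
        pools[m.group(1)] = (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
    return pools

def pool_overlaps(config):
    """List (pool, interface) pairs where the pool range intersects the interface subnet."""
    nets = interface_networks(config)
    hits = []
    for pool, (first, last) in local_pools(config).items():
        for ifname, net in nets.items():
            # Two ranges intersect when each starts before the other ends.
            if first <= net.broadcast_address and last >= net.network_address:
                hits.append((pool, ifname))
    return hits

if __name__ == "__main__":
    for pool, ifname in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps the subnet on {ifname}")
```

The check covers only subnets directly configured on interfaces; routed networks behind the router would need the routing table as an additional input.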
