Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy VPN and IPSec with PSK,Wild-card and Mode-Config

Hi,

I tried to configure a 1720 Router with IOS 12.2(8)T

to act as an Easy VPN Server for Cisco VPN Clients and as an IPSec-GW (IPSec over L2TP) for MS VPN Clients (2000 and XP)at the same time.

After I configure the IKE PSK wild-card I cannot connect with Cisco Easy VPN Client. Has anybody a idea?

Here is my configuration:

1700#sh run

Building configuration...

Current configuration : 2670 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 1700

!

aaa new-model

!

!

aaa authentication login remoteuser local

aaa authentication ppp default local

aaa authentication ppp vpdn local

aaa authorization network author local

aaa session-id common

enable password isabel1

!

username xxxx password xxxx

username xxxx password xxxx

username xxxx password xxxx

memory-size iomem 15

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

!

!

!

vpdn enable

!

vpdn-group remote

! Default L2TP VPDN group

accept-dialin

protocol l2tp

virtual-template 1

local name lns

lcp renegotiation on-mismatch

no l2tp tunnel authentication

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 3600

!

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key isabel1 address 217.1.2.3 no-xauth

crypto isakmp key isabel2 address 0.0.0.0 0.0.0.0 no-xauth

crypto isakmp client configuration address-pool local cisco

!

crypto isakmp client configuration group remoteuser

key isabel1

dns 10.10.10.10

wins 10.10.10.11

domain test-lab.com

pool cisco

!

!

crypto ipsec transform-set siteset esp-3des esp-md5-hmac

crypto ipsec transform-set remoteset esp-3des esp-sha-hmac

mode transport

!

crypto dynamic-map remote 1

set transform-set remoteset

set pfs group2

match address 101

!

crypto dynamic-map easy 1

set transform-set siteset

!

!

crypto map sitemap isakmp authorization list author

crypto map sitemap client configuration address respond

crypto map sitemap 1 ipsec-isakmp

set peer 217.1.2.3

set transform-set siteset

match address 100

crypto map sitemap 2 ipsec-isakmp dynamic remote

crypto map sitemap 3 ipsec-isakmp dynamic easy

!

!

!

!

interface Loopback1

ip address 10.10.10.1 255.255.255.0

!

interface FastEthernet0

ip address x.x.x.x 255.255.255.0

speed auto

crypto map sitemap

!

interface Virtual-Template1

ip unnumbered FastEthernet0

peer default ip address pool ipremote

ppp authentication ms-chap callin

!

ip local pool ipremote 10.10.10.2 10.10.10.3

ip local pool cisco 11.11.11.1

ip classless

ip route 0.0.0.0 0.0.0.0 217.1.1.2

ip route x.x.x.x 255.255.255.0 217.1.1.2

no ip http server

ip pim bidir-enable

!

!

access-list 100 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 100 permit ip 11.11.11.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 101 permit ip host 217.1.1.1 any

!

snmp-server community testro RO

snmp-server community testrw RW

!

line con 0

line aux 0

line vty 0 4

password xxxx

line vty 5 15

password xxxxx

!

end

1700#

Thanks for help

1 REPLY
Silver

Re: Easy VPN and IPSec with PSK,Wild-card and Mode-Config

Here is the link to a document on Configuring Cisco IOS Easy VPN. Hope this helps.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns27/networking_solutions_white_paper09186a0080189133.shtml

984
Views
0
Helpful
1
Replies
CreatePlease login to create content