Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy VPN and IPSec with PSK,Wild-card and Mode-Config


I tried to configure a 1720 Router with IOS 12.2(8)T

to act as an Easy VPN Server for Cisco VPN Clients and as an IPSec-GW (IPSec over L2TP) for MS VPN Clients (2000 and XP)at the same time.

After I configure the IKE PSK wild-card I cannot connect with Cisco Easy VPN Client. Has anybody a idea?

Here is my configuration:

1700#sh run

Building configuration...

Current configuration : 2670 bytes


version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption


hostname 1700


aaa new-model



aaa authentication login remoteuser local

aaa authentication ppp default local

aaa authentication ppp vpdn local

aaa authorization network author local

aaa session-id common

enable password isabel1


username xxxx password xxxx

username xxxx password xxxx

username xxxx password xxxx

memory-size iomem 15

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero




vpdn enable


vpdn-group remote

! Default L2TP VPDN group


protocol l2tp

virtual-template 1

local name lns

lcp renegotiation on-mismatch

no l2tp tunnel authentication



crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 3600


crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key isabel1 address no-xauth

crypto isakmp key isabel2 address no-xauth

crypto isakmp client configuration address-pool local cisco


crypto isakmp client configuration group remoteuser

key isabel1




pool cisco



crypto ipsec transform-set siteset esp-3des esp-md5-hmac

crypto ipsec transform-set remoteset esp-3des esp-sha-hmac

mode transport


crypto dynamic-map remote 1

set transform-set remoteset

set pfs group2

match address 101


crypto dynamic-map easy 1

set transform-set siteset



crypto map sitemap isakmp authorization list author

crypto map sitemap client configuration address respond

crypto map sitemap 1 ipsec-isakmp

set peer

set transform-set siteset

match address 100

crypto map sitemap 2 ipsec-isakmp dynamic remote

crypto map sitemap 3 ipsec-isakmp dynamic easy





interface Loopback1

ip address


interface FastEthernet0

ip address x.x.x.x

speed auto

crypto map sitemap


interface Virtual-Template1

ip unnumbered FastEthernet0

peer default ip address pool ipremote

ppp authentication ms-chap callin


ip local pool ipremote

ip local pool cisco

ip classless

ip route

ip route x.x.x.x

no ip http server

ip pim bidir-enable



access-list 100 permit ip

access-list 100 permit ip

access-list 101 permit ip host any


snmp-server community testro RO

snmp-server community testrw RW


line con 0

line aux 0

line vty 0 4

password xxxx

line vty 5 15

password xxxxx




Thanks for help


Re: Easy VPN and IPSec with PSK,Wild-card and Mode-Config

Here is the link to a document on Configuring Cisco IOS Easy VPN. Hope this helps.

CreatePlease login to create content