12-05-2003 02:06 AM - edited 02-21-2020 12:54 PM
Hi,
I tried to configure a 1720 Router with IOS 12.2(8)T
to act as an Easy VPN Server for Cisco VPN Clients and as an IPSec-GW (IPSec over L2TP) for MS VPN Clients (2000 and XP)at the same time.
After I configure the IKE PSK wild-card I cannot connect with Cisco Easy VPN Client. Has anybody a idea?
Here is my configuration:
1700#sh run
Building configuration...
Current configuration : 2670 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1700
!
aaa new-model
!
!
aaa authentication login remoteuser local
aaa authentication ppp default local
aaa authentication ppp vpdn local
aaa authorization network author local
aaa session-id common
enable password isabel1
!
username xxxx password xxxx
username xxxx password xxxx
username xxxx password xxxx
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
!
vpdn enable
!
vpdn-group remote
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
local name lns
lcp renegotiation on-mismatch
no l2tp tunnel authentication
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key isabel1 address 217.1.2.3 no-xauth
crypto isakmp key isabel2 address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp client configuration address-pool local cisco
!
crypto isakmp client configuration group remoteuser
key isabel1
dns 10.10.10.10
wins 10.10.10.11
domain test-lab.com
pool cisco
!
!
crypto ipsec transform-set siteset esp-3des esp-md5-hmac
crypto ipsec transform-set remoteset esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map remote 1
set transform-set remoteset
set pfs group2
match address 101
!
crypto dynamic-map easy 1
set transform-set siteset
!
!
crypto map sitemap isakmp authorization list author
crypto map sitemap client configuration address respond
crypto map sitemap 1 ipsec-isakmp
set peer 217.1.2.3
set transform-set siteset
match address 100
crypto map sitemap 2 ipsec-isakmp dynamic remote
crypto map sitemap 3 ipsec-isakmp dynamic easy
!
!
!
!
interface Loopback1
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0
ip address x.x.x.x 255.255.255.0
speed auto
crypto map sitemap
!
interface Virtual-Template1
ip unnumbered FastEthernet0
peer default ip address pool ipremote
ppp authentication ms-chap callin
!
ip local pool ipremote 10.10.10.2 10.10.10.3
ip local pool cisco 11.11.11.1
ip classless
ip route 0.0.0.0 0.0.0.0 217.1.1.2
ip route x.x.x.x 255.255.255.0 217.1.1.2
no ip http server
ip pim bidir-enable
!
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 11.11.11.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip host 217.1.1.1 any
!
snmp-server community testro RO
snmp-server community testrw RW
!
line con 0
line aux 0
line vty 0 4
password xxxx
line vty 5 15
password xxxxx
!
end
1700#
Thanks for help
12-11-2003 12:26 PM
Here is the link to a document on Configuring Cisco IOS Easy VPN. Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide