Easy VPN and IPSec with PSK, Wild-card and Mode-Config

cwolla
Level 1

Hi,

I tried to configure a 1720 router with IOS 12.2(8)T to act as an Easy VPN Server for Cisco VPN Clients and as an IPSec-GW (IPSec over L2TP) for MS VPN Clients (2000 and XP) at the same time.

After I configure the IKE PSK wildcard, I cannot connect with the Cisco Easy VPN Client. Does anybody have an idea?

Here is my configuration:

1700#sh run
Building configuration...

Current configuration : 2670 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1700
!
aaa new-model
!
!
aaa authentication login remoteuser local
aaa authentication ppp default local
aaa authentication ppp vpdn local
aaa authorization network author local
aaa session-id common
enable password isabel1
!
username xxxx password xxxx
username xxxx password xxxx
username xxxx password xxxx
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
!
vpdn enable
!
vpdn-group remote
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 local name lns
 lcp renegotiation on-mismatch
 no l2tp tunnel authentication
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key isabel1 address 217.1.2.3 no-xauth
crypto isakmp key isabel2 address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp client configuration address-pool local cisco
!
crypto isakmp client configuration group remoteuser
 key isabel1
 dns 10.10.10.10
 wins 10.10.10.11
 domain test-lab.com
 pool cisco
!
!
crypto ipsec transform-set siteset esp-3des esp-md5-hmac
crypto ipsec transform-set remoteset esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map remote 1
 set transform-set remoteset
 set pfs group2
 match address 101
!
crypto dynamic-map easy 1
 set transform-set siteset
!
!
crypto map sitemap isakmp authorization list author
crypto map sitemap client configuration address respond
crypto map sitemap 1 ipsec-isakmp
 set peer 217.1.2.3
 set transform-set siteset
 match address 100
crypto map sitemap 2 ipsec-isakmp dynamic remote
crypto map sitemap 3 ipsec-isakmp dynamic easy
!
!
!
!
interface Loopback1
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0
 ip address x.x.x.x 255.255.255.0
 speed auto
 crypto map sitemap
!
interface Virtual-Template1
 ip unnumbered FastEthernet0
 peer default ip address pool ipremote
 ppp authentication ms-chap callin
!
ip local pool ipremote 10.10.10.2 10.10.10.3
ip local pool cisco 11.11.11.1
ip classless
ip route 0.0.0.0 0.0.0.0 217.1.1.2
ip route x.x.x.x 255.255.255.0 217.1.1.2
no ip http server
ip pim bidir-enable
!
!
access-list 100 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 11.11.11.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip host 217.1.1.1 any
!
snmp-server community testro RO
snmp-server community testrw RW
!
line con 0
line aux 0
line vty 0 4
 password xxxx
line vty 5 15
 password xxxxx
!
end

1700#

Thanks for help
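An added example, not part of the original post and not Cisco tooling: a Python check that parses the `crypto isakmp key` lines from the configuration above and reports which peer addresses each pre-shared key covers, showing that the `0.0.0.0 0.0.0.0` entry applies to every peer. The function names are hypothetical, and 198.51.100.7 is a constructed address standing in for a roaming client.

```python
import ipaddress
import re

# Constructed sample: the ISAKMP key and group lines from the posted configuration.
SAMPLE_CONFIG = """\
crypto isakmp key isabel1 address 217.1.2.3 no-xauth
crypto isakmp key isabel2 address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp client configuration group remoteuser
 key isabel1
"""

# crypto isakmp key <key> address <ip> [mask] [no-xauth]
KEY_RE = re.compile(
    r"^crypto isakmp key \S+ address (?P<addr>\d+\.\d+\.\d+\.\d+)"
    r"(?: (?P<mask>\d+\.\d+\.\d+\.\d+))?(?P<noxauth> no-xauth)?\s*$"
)

def parse_isakmp_keys(config):
    """Return one dict per global pre-shared key line (key value not kept)."""
    entries = []
    for line in config.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue  # group keys and unrelated lines are skipped
        mask = m.group("mask") or "255.255.255.255"  # no mask: single host
        net = ipaddress.ip_network(f"{m.group('addr')}/{mask}", strict=False)
        entries.append({
            "scope": net,
            "wildcard": net.prefixlen == 0,  # 0.0.0.0 0.0.0.0 covers any peer
            "no_xauth": m.group("noxauth") is not None,
        })
    return entries

def keys_covering(entries, peer):
    """Entries whose scope includes the peer, narrowest scope first.
    The ordering is for readability, not a statement of how IOS picks a key."""
    ip = ipaddress.ip_address(peer)
    hits = [e for e in entries if ip in e["scope"]]
    return sorted(hits, key=lambda e: e["scope"].prefixlen, reverse=True)

if __name__ == "__main__":
    entries = parse_isakmp_keys(SAMPLE_CONFIG)
    for e in entries:
        flag = "WILDCARD: any peer address" if e["wildcard"] else "scoped"
        print(f"{e['scope']!s:<18} no-xauth={e['no_xauth']}  {flag}")
    for peer in ("217.1.2.3", "198.51.100.7"):
        print(peer, "->", [str(e["scope"]) for e in keys_covering(entries, peer)])
```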

1 Reply

wong34539
Level 6

Here is the link to a document on Configuring Cisco IOS Easy VPN. Hope this helps.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns27/networking_solutions_white_paper09186a0080189133.shtml