02-07-2003 02:47 AM - edited 03-09-2019 02:00 AM
Do you know if it's possible to use the VPN3000 client to connect to the Cisco 837 (3des)?
02-09-2003 05:54 PM
Yes, the code image used on the 837 was taken from 12.2(8)T which was the first release that supported the VPN client connectivity.
04-17-2003 05:20 PM
Hi,
I am using 837 as a VPN gateway and the remote site is using VPN client 3.6.
The users are not able to connect. They always get the error "Aggressive mode failed"... anything wrong with my config?
Thanks
Building configuration...
Current configuration : 2824 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname NanoRouter
!
no logging buffered
no logging monitor
!
ip subnet-zero
ip dhcp excluded-address 192.168.1.3
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpngroup
 key cisco123
 dns 192.168.1.4
 wins 192.168.1.4
 domain nanofilm.com.sg
 pool ippool
 acl 188
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 description connection to SingNet
 no ip address
 ip nat outside
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 dsl power-cutback 0
!
interface ATM0.1 point-to-point
 ip address x.x.x.x 255.255.255.252
 ip access-group 111 in
 ip nat outside
 pvc 8/35
  encapsulation aal5snap
 !
 crypto map clientmap
!
ip local pool ippool 172.16.0.1 172.16.0.15
ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.3 3389 interface ATM0.1 3389
ip nat inside source static tcp 192.168.1.3 443 interface ATM0 443
ip nat inside source static tcp 192.168.1.3 143 interface ATM0.1 143
ip nat inside source static tcp 192.168.1.3 110 interface ATM0.1 110
ip nat inside source static tcp 192.168.1.3 80 interface ATM0.1 80
ip nat inside source static tcp 192.168.1.3 25 interface ATM0.1 25
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip http server
!
!
logging trap errors
logging facility user
logging 192.168.1.156
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 188 permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.0.255
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 password 7 03125219121A2040
 login
 length 0
!
scheduler max-task-time 5000
end
Cisco Internetwork Operating System Software
IOS (tm) C837 Software (C837-K9O3Y6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.2(11.2u)T
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 30-Oct-02 15:35 by ealyon
Image text-base: 0x800131D8, data-base: 0x8091FE68
ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
ROM: C837 Software (C837-K9O3Y6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
NanoRouter uptime is 16 hours, 27 minutes
System returned to ROM by reload
System image file is "flash:c837-k9o3y6-mz.122-8.YN.bin"
CISCO C837 (MPC857DSL) processor (revision 0x200) with 29492K/3276K bytes of memory.
Processor board ID AMB0704034H (1236450451), with hardware revision 0000
CPU rev number 7
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)
Configuration register is 0x2102
04-30-2003 04:41 AM
Hi
I am getting the same error.
Basically there is an error matching the isakmp policy, and it "aggressively" tries all isakmp settings before giving up.
The same basic config works on a PIX.
Did you solve the problem yet? I would love to know the fix/error.
y
00:03:58: ISAKMP: encryption DES-CBC
00:03:58: ISAKMP: hash SHA
00:03:58: ISAKMP: default group 2
00:03:58: ISAKMP: auth pre-share
00:03:58: ISAKMP: life type in seconds
00:03:58: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
00:03:58: ISAKMP (0:1): Authentication method offered does not match policy!
00:03:58: ISAKMP (0:1): atts are not acceptable. Next payload is 3
00:03:58: ISAKMP (0:1): Checking ISAKMP transform 8 against priority 6553
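The policy matching shown in the debug above, as an added example that is not part of the thread: a transform offered by the client is acceptable only if its encryption, hash, DH group and authentication method all equal one configured policy. The sample debug is constructed, reusing the attribute values from the post; the transform numbers, the priority and the second transform are assumptions, and the policy is policy 3 from the configuration posted earlier in the thread.

```python
import re

# Constructed sample debug. Attribute values of transform 1 come from the post;
# the header lines and transform 2 are constructed for illustration.
SAMPLE_DEBUG = """\
00:03:58: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 3 policy
00:03:58: ISAKMP: encryption DES-CBC
00:03:58: ISAKMP: hash SHA
00:03:58: ISAKMP: default group 2
00:03:58: ISAKMP: auth pre-share
00:03:58: ISAKMP (0:1): Checking ISAKMP transform 2 against priority 3 policy
00:03:58: ISAKMP: encryption 3DES-CBC
00:03:58: ISAKMP: hash MD5
00:03:58: ISAKMP: default group 2
00:03:58: ISAKMP: auth pre-share
"""

HEADER = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+)")
ATTR = re.compile(r"ISAKMP:\s+(encryption|hash|default group|auth)\s+(\S+)")
# Debug attribute name -> keyword used under "crypto isakmp policy".
KEY = {"encryption": "encr", "hash": "hash",
       "default group": "group", "auth": "authentication"}
NORMALISE = {"DES-CBC": "des", "3DES-CBC": "3des", "SHA": "sha", "MD5": "md5"}

# "crypto isakmp policy 3" from the configuration posted in the thread.
POLICY_3 = {"encr": "3des", "hash": "md5",
            "authentication": "pre-share", "group": "2"}

def parse_transforms(debug_text):
    """Return {transform_number: {policy_keyword: offered_value}}."""
    transforms, current = {}, None
    for line in debug_text.splitlines():
        if (m := HEADER.search(line)):
            current = transforms.setdefault(int(m.group(1)), {})
        elif current is not None and (m := ATTR.search(line)):
            value = NORMALISE.get(m.group(2), m.group(2).lower())
            current[KEY[m.group(1)]] = value
    return transforms

def mismatches(offered, policy):
    """Map keyword -> (offered, configured) where they differ; lifetime is ignored."""
    return {k: (offered.get(k), v) for k, v in policy.items() if offered.get(k) != v}

def first_acceptable(debug_text, policy):
    """Number of the first offered transform that matches the policy, else None."""
    for number, offered in sorted(parse_transforms(debug_text).items()):
        if not mismatches(offered, policy):
            return number
    return None

if __name__ == "__main__":
    for n, offered in sorted(parse_transforms(SAMPLE_DEBUG).items()):
        print(n, mismatches(offered, POLICY_3) or "acceptable")
```
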
05-21-2003 09:08 PM
Hi there,
I'm also getting the same error on my 837. The same config was used on an 827 and it also worked fine there. Does anyone have any idea?
Regards