Cisco Support Community
Community Member

Information about Cisco 837

Do you know if it's possible to use VPN3000 client to connect on the Cisco 837 (3des) ?

Cisco Employee

Re: Information about Cisco 837

Yes, the code image used on the 837 was taken from 12.2(8)T which was the first release that supported the VPN client connectivity.

Community Member

Re: Information about Cisco 837


I am using 837 as a VPN gateway and the remote site is using VPN client 3.6.

The users are not able to connect. They always get error " Aggressive mode failed"... anything wrong with my config ???


Building configuration...

Current configuration : 2824 bytes


version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption


hostname NanoRouter


no logging buffered

no logging monitor


ip subnet-zero

ip dhcp excluded-address


ip inspect name myfw cuseeme timeout 3600

ip inspect name myfw ftp timeout 3600

ip inspect name myfw rcmd timeout 3600

ip inspect name myfw realaudio timeout 3600

ip inspect name myfw smtp timeout 3600

ip inspect name myfw tftp timeout 30

ip inspect name myfw udp timeout 15

ip inspect name myfw tcp timeout 3600

ip inspect name myfw h323 timeout 3600

ip audit notify log

ip audit po max-events 100


crypto isakmp policy 3

encr 3des

hash md5

authentication pre-share

group 2


crypto isakmp client configuration group vpngroup

key cisco123




pool ippool

acl 188



crypto ipsec transform-set myset esp-3des esp-md5-hmac


crypto dynamic-map dynmap 10

set transform-set myset




crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap





interface Ethernet0

ip address

ip nat inside

no ip mroute-cache

hold-queue 100 out


interface ATM0

description connection to SingNet

no ip address

ip nat outside

atm vc-per-vp 64

no atm ilmi-keepalive

dsl operating-mode auto

dsl power-cutback 0


interface ATM0.1 point-to-point

ip address x.x.x.x

ip access-group 111 in

ip nat outside

pvc 8/35

encapsulation aal5snap


crypto map clientmap


ip local pool ippool

ip nat inside source list 1 interface ATM0.1 overload

ip nat inside source static tcp 3389 interface ATM0.1 3389

ip nat inside source static tcp 443 interface ATM0 443

ip nat inside source static tcp 143 interface ATM0.1 143

ip nat inside source static tcp 110 interface ATM0.1 110

ip nat inside source static tcp 80 interface ATM0.1 80

ip nat inside source static tcp 25 interface ATM0.1 25

ip classless

ip route ATM0.1

ip http server



logging trap errors

logging facility user


access-list 1 permit

access-list 188 permit ip


line con 0

exec-timeout 120 0

no modem enable

stopbits 1

line aux 0

stopbits 1

line vty 0 4

exec-timeout 120 0

password 7 03125219121A2040


length 0


scheduler max-task-time 5000


Cisco Internetwork Operating System Software

IOS (tm) C837 Software (C837-K9O3Y6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELE


Synched to technology version 12.2(11.2u)T

TAC Support:

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Wed 30-Oct-02 15:35 by ealyon

Image text-base: 0x800131D8, data-base: 0x8091FE68

ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)

ROM: C837 Software (C837-K9O3Y6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE


NanoRouter uptime is 16 hours, 27 minutes

System returned to ROM by reload

System image file is "flash:c837-k9o3y6-mz.122-8.YN.bin"

CISCO C837 (MPC857DSL) processor (revision 0x200) with 29492K/3276K bytes of mem


Processor board ID AMB0704034H (1236450451), with hardware revision 0000

CPU rev number 7

Bridging software.

1 Ethernet/IEEE 802.3 interface(s)

1 ATM network interface(s)

128K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

Community Member

Re: Information about Cisco 837


I am getting the same error.

Basically there is an error matching the isakmp policy , and it "aggressively tries all isakmp settings before giving up.

The same basic config works on a PIX.

Did ypu solve the problem yet , I would love to know the fix /error


00:03:58: ISAKMP: encryption DES-CBC

00:03:58: ISAKMP: hash SHA

00:03:58: ISAKMP: default group 2

00:03:58: ISAKMP: auth pre-share

00:03:58: ISAKMP: life type in seconds

00:03:58: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

00:03:58: ISAKMP (0:1): Authentication method offered does not match policy!

00:03:58: ISAKMP (0:1): atts are not acceptable. Next payload is 3

00:03:58: ISAKMP (0:1): Checking ISAKMP transform 8 against priority 6553

Community Member

Re: Information about Cisco 837

Hi there,

I'm also getting the same error on my 837. The same config was used on a 827 and it also worked fine there. Do anyone have any idea?


CreatePlease to create content