Cisco Support Community
Community Member

IPSec access with VPN Client and Router


I have configured a central router with ipsec for vpn clients.

The clients logs in over isdn to a provider and get a dynamic ip address.

That works fine.

Now i want also a router to log in over isdn with a dynamic ip address.

The router starts the isakmp conversation. But if the xauth starts the central router messages:

Unknown Input: state=IKE_XAUTH_REQ_SENT

the other router messages: request for xauth-username denied

I think that the connecting router can not sent a authentication like a vpn client.

But i can only configure one crypto map per interface and so i have to use the map for the vpn clients.

So is it possible to connect to one routerinterface over ipsec with a vpn client and another router ?

Merci for your help


Cisco Employee

Re: IPSec access with VPN Client and Router

You should disable xauth for the static peer ie., the router.

crypto isakmp key XXXXXX address no-xauth


crypto isakmp key XXXXXX hostname no-xauth

This is made possible via CSCdr46129.


Community Member

Re: IPSec access with VPN Client and Router

Thanks or your response.

The problem is that the router also connects via ISP ( with a dynamic IP address ) to the central router. So i can not configure a entry as you described.

Maybe with the hostname ? But therefor the centralrouter has to know the hostname of the other router ( is it possible that the connecting router sends its hostname to the central router when connecting ? )

Cisco Employee

Re: IPSec access with VPN Client and Router

Sorry I read your post too quickly. In this situation (IP assignment is dynamic for the remote router), my solution is not applicable. Currently I don't have any further ideas.



CreatePlease to create content