Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISDN & CVPN clients

Is anybody help me with next problem:

Below is my config file from a router, which provides VPN site-to-site and remote clients. First I configured the router for VPN connection for remote users with CVPN clients on their laptops. It was work fine. When I configured the router for remote VPN connection for Cisco ISDN router I lost VPN possibilities for clients with CVPN. Now remote locations with Cisco ISDN routers make VPN connection without problems but users with CVPN cannot do it. When I clear configuration parameters for ISDN clients CVPN clients can make VPN connection when I turn it back they cannot.

Is it possible make VPN configuration for both types of users: user with CVPN and users with ISDN routers?

If it is possible how can I make it or where I did mistake in my configuration?

I need answer as soon as possible!

---------

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Cisco

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 xxxxxxxxxxxxx

enable password xxxxx

!

username xxxxx privilege 15 password 0 xxxxx

!

aaa new-model

!

!

aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

ip subnet-zero

!

!

ip audit notify log

ip audit po max-events 100

!

!

crypto isakmp policy 1

hash md5

authentication pre-share

!

crypto isakmp policy 5

hash md5

authentication pre-share

!

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 1 no-xauth

crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 2 no-xauth

crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 3 no-xauth

crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 4 no-xauth

crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 5

crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 6

crypto isakmp key xxxxxxx address 0.0.0.0 0.0.0.0 no-xauth

!

crypto isakmp client configuration group xxxxxxx

key xxxxxxx

dns 192.168.1.100

pool ippool

crypto isakmp profile VPNclient

description VPN clients profile

match identity group xxxxxxx

client authentication list userauthen

isakmp authorization list groupauthor

client configuration address respond

!

!

crypto ipsec transform-set myset1 esp-des esp-md5-hmac

crypto ipsec transform-set myset3 esp-des esp-md5-hmac

mode transport

crypto ipsec transform-set rtpset esp-des esp-md5-hmac

crypto ipsec transform-set myset4 esp-des esp-md5-hmac

crypto ipsec transform-set myset5 esp-des esp-md5-hmac

crypto ipsec transform-set myset esp-des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set myset

set isakmp-profile VPNclient

!

crypto dynamic-map rtpmap 11

set transform-set rtpset

match address 118

!

!

crypto map clientmap 5 ipsec-isakmp

set peer PUBLIC IP ADDRESS 1

set transform-set myset1

match address 115

crypto map clientmap 7 ipsec-isakmp

set peer PUBLIC IP ADDRESS 2

set transform-set myset3

match address 117

crypto map clientmap 8 ipsec-isakmp

set peer PUBLIC IP ADDRESS 3

set transform-set myset4

match address 119

crypto map clientmap 9 ipsec-isakmp

set peer PUBLIC IP ADDRESS 4

set transform-set myset5

match address 120

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

crypto map clientmap 11 ipsec-isakmp dynamic rtpmap

crypto map clientmap 12 ipsec-isakmp

description Tunnel to PUBLIC IP ADDRESS 5

set peer PUBLIC IP ADDRESS 5

set transform-set myset3

match address 121

crypto map clientmap 13 ipsec-isakmp

description Tunnel PUBLIC IP ADDRESS 6

set peer PUBLIC IP ADDRESS 6

set transform-set myset3

match address 122

...

ip local pool ippool 192.168.200.1 192.168.200.254

ip nat inside source route-map nonat interface FastEthernet0/1 overload

...

(here goes access-list)

...

route-map nonat permit 10

match ip address 101

....

  • Other Security Subjects
1 REPLY
Anonymous
N/A

Re: ISDN & CVPN clients

Check if you have any overlapping access lists

86
Views
0
Helpful
1
Replies