03-12-2004 07:05 AM - edited 03-09-2019 06:44 AM
Can anybody help me with the following problem:
Below is my config file from a router which provides site-to-site VPN and VPN for remote clients. First I configured the router for VPN connections for remote users with CVPN clients on their laptops. It worked fine. When I configured the router for remote VPN connections from Cisco ISDN routers, I lost the VPN capability for clients with CVPN. Now remote locations with Cisco ISDN routers make VPN connections without problems, but users with CVPN cannot. When I clear the configuration parameters for the ISDN clients, the CVPN clients can make a VPN connection; when I put them back, they cannot.
Is it possible to make a VPN configuration for both types of users: users with CVPN and users with ISDN routers?
If it is possible, how can I do it, or where did I make a mistake in my configuration?
I need an answer as soon as possible!
---------
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxx
enable password xxxxx
!
username xxxxx privilege 15 password 0 xxxxx
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
!
crypto isakmp policy 5
 hash md5
 authentication pre-share
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 1 no-xauth
crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 2 no-xauth
crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 3 no-xauth
crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 4 no-xauth
crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 5
crypto isakmp key xxxxxxx address PUBLIC IP ADDRESS 6
crypto isakmp key xxxxxxx address 0.0.0.0 0.0.0.0 no-xauth
!
crypto isakmp client configuration group xxxxxxx
 key xxxxxxx
 dns 192.168.1.100
 pool ippool
crypto isakmp profile VPNclient
 description VPN clients profile
 match identity group xxxxxxx
 client authentication list userauthen
 isakmp authorization list groupauthor
 client configuration address respond
!
!
crypto ipsec transform-set myset1 esp-des esp-md5-hmac
crypto ipsec transform-set myset3 esp-des esp-md5-hmac
 mode transport
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto ipsec transform-set myset4 esp-des esp-md5-hmac
crypto ipsec transform-set myset5 esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile VPNclient
!
crypto dynamic-map rtpmap 11
 set transform-set rtpset
 match address 118
!
!
crypto map clientmap 5 ipsec-isakmp
 set peer PUBLIC IP ADDRESS 1
 set transform-set myset1
 match address 115
crypto map clientmap 7 ipsec-isakmp
 set peer PUBLIC IP ADDRESS 2
 set transform-set myset3
 match address 117
crypto map clientmap 8 ipsec-isakmp
 set peer PUBLIC IP ADDRESS 3
 set transform-set myset4
 match address 119
crypto map clientmap 9 ipsec-isakmp
 set peer PUBLIC IP ADDRESS 4
 set transform-set myset5
 match address 120
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
crypto map clientmap 11 ipsec-isakmp dynamic rtpmap
crypto map clientmap 12 ipsec-isakmp
 description Tunnel to PUBLIC IP ADDRESS 5
 set peer PUBLIC IP ADDRESS 5
 set transform-set myset3
 match address 121
crypto map clientmap 13 ipsec-isakmp
 description Tunnel PUBLIC IP ADDRESS 6
 set peer PUBLIC IP ADDRESS 6
 set transform-set myset3
 match address 122
...
ip local pool ippool 192.168.200.1 192.168.200.254
ip nat inside source route-map nonat interface FastEthernet0/1 overload
...
(here goes access-list)
...
route-map nonat permit 10
 match ip address 101
....
04-15-2004 05:45 AM
Check if you have any overlapping access lists
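
The check suggested in the reply above, as an added example that is not part of the original thread: it parses extended `access-list` entries and reports pairs of ACLs that select overlapping traffic. The ACL entries are constructed because the post omits them, the function names are hypothetical, and wildcard masks are assumed to be contiguous.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: ACL numbers 115, 117 and 118 appear in the posted config,
# but these entries are invented for illustration (the post omits its ACLs).
SAMPLE_CONFIG = """\
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 117 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 118 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 118 deny ip any any
"""

ACL_RE = re.compile(r"^access-list (\d+) permit ip (.+)$")

def take_net(tokens):
    """Consume one address spec (any | host A | A WILDCARD) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = ipaddress.ip_address(tokens.pop(0))
    # Invert the wildcard to get a netmask; assumes contiguous wildcard bits.
    mask = ipaddress.ip_address(int(wildcard) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse_acls(config):
    """Return {acl_number: [(src, dst), ...]}; deny entries are ignored (simplification)."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            tokens = m.group(2).split()
            src = take_net(tokens)
            dst = take_net(tokens)
            acls.setdefault(int(m.group(1)), []).append((src, dst))
    return acls

def find_overlaps(acls):
    """Return sorted (acl_a, acl_b) pairs whose permit entries select common traffic."""
    return sorted({(a, b)
                   for a, b in combinations(sorted(acls), 2)
                   for sa, da in acls[a] for sb, db in acls[b]
                   if sa.overlaps(sb) and da.overlaps(db)})

if __name__ == "__main__":
    for a, b in find_overlaps(parse_acls(SAMPLE_CONFIG)):
        print(f"access-list {a} and {b} select overlapping traffic")
```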