Cisco Support Community

New Member

Multiple Site to Site Tunnels plus Remote Access clients

I have a Cisco 3825 router with security bundle which acts solely as a "VPN router".

There are about 9 static tunnels with peers and pre-share keys defined. I also have 8 or so small Linksys routers which create tunnels to this router. Since these small routers are on cable/DSL we have a wild card policy (no set remote peer). All of the ISAKMP policies are set to no-xauth.

Now my question. Since we have a policy that is set to basically any remote endpoint (requires pre-share key), I cannot seem to set up a config that allows a Cisco remote access client to connect to this router. Is it possible to get this to work? I have set up SEVERAL RA clients on PIXs and routers, but NOT with the presence of a wild card ISAKMP policy. I'm afraid I painted myself into a major corner. :)

If I do get this to work, my end goal is to implement RAS to authenticate RA clients to Active Directory.

ANY advice would be appreciated. I have about pulled every hair in my head out.

Respectfully,

Bobby

2 REPLIES
Bronze

Re: Multiple Site to Site Tunnels plus Remote Access clients

Wild card isakmp policies do create problems with remote access clients. Try to connect to the remote access client by removing the wild card isakmp policies. The following link may help you:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_user_guide_chapter09186a0080656460.html

New Member

Re: Multiple Site to Site Tunnels plus Remote Access clients

I think you need to have an AAA server such as ACS, then link the ACS to Active Directory. I know you can do this with an ASA.
