
Multiple Site to Site Tunnels plus Remote Access clients

bobby-long
Level 1

I have a Cisco 3825 router with security bundle which acts solely as a "VPN router".

There are about 9 static tunnels with peers and pre-share keys defined. I also have 8 or so small Linksys routers which create tunnels to this router. Since these small routers are on cable/DSL we have a wild card policy (no set remote peer). All of the ISAKMP policies are set to no-xauth.

Now my question. Since we have a policy that is set to, basically, any remote endpoint (requires pre-share key), I cannot seem to set up a config that allows a Cisco remote access client to connect to this router. Is it possible to get this to work? I have set up SEVERAL RA clients on PIXs and routers, but NOT with the presence of a wild card ISAKMP policy. I'm afraid I painted myself into a major corner. :)

If I do get this to work, my end goal is to implement RAS to authenticate RA clients to Active Directory.

ANY advice would be appreciated. I have about pulled every hair in my head out.

Respectfully,

Bobby

2 Replies

tstanik
Level 5

Wild card ISAKMP policies do create problems with remote access clients. Try to connect to the remote access client by removing the wild card ISAKMP policies. The following link may help you:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_user_guide_chapter09186a0080656460.html

andrew.vlasek
Level 1

I think you need to have an AAA server such as ACS, then link the ACS to Active Directory. I know you can do this with an ASA.
