Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem With VPN Client Config on 857W


I arrive to establish the vpn but I can't establish the communication.

hostname A


logging buffered 51200 debugging

logging console critical

enable secret xxxx


username user password xxxx

username user1 password xxxx

clock timezone PCTime 1

clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00

aaa new-model



aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

aaa session-id common

ip subnet-zero

no ip source-route

ip dhcp pool sdm-pool1

import all

network 192.x.x.0


dns-server 80.10.x.x.10.246.129



ip cef

ip tcp synwait-time 10

no ip bootp server

no ip domain lookup

ip domain name

ip name-server 193.x.x.3

ip ssh time-out 60

ip ssh authentication-retries 2

no ftp-server write-enable


crypto isakmp policy 1

encr 3des

authentication pre-share

group 2


crypto isakmp client configuration group Client-Vpn

key passw0rd

dns 193.x.x.3

pool SDM_POOL_1

max-users 5



crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA




crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1

crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1

crypto map SDM_CMAP_1 client configuration address respond

crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1


interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no atm ilmi-keepalive

dsl operating-mode auto


interface ATM0.1 point-to-point

description $ES_WAN$$FW_OUTSIDE$

pvc 8/35

pppoe-client dial-pool-number 1



interface FastEthernet0

no ip address

no cdp enable


interface Vlan1


no ip address

ip tcp adjust-mss 1452

bridge-group 1


interface Dialer0

ip address negotiated

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname fti

ppp chap password xxxx

ppp pap sent-username fti password xxxx

crypto map SDM_CMAP_1


interface BVI1

description $ES_LAN$

ip address 192.168.x.x.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452


ip local pool SDM_POOL_1

ip classless

ip route Dialer0


ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 5 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload


logging trap debugging

access-list 1 remark INSIDE_IF=BVI1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.x.x.0

access-list 101 permit ip any

access-list 101 permit udp any any eq non500-isakmp

access-list 101 permit udp any any eq isakmp

access-list 101 permit esp any any

access-list 101 permit ip any any

access-list 102 remark SDM_ACL Category=2

access-list 102 deny ip any

access-list 102 permit ip any

dialer-list 1 protocol ip permit

no cdp run

route-map SDM_RMAP_1 permit 1

match ip address 102





bridge 1 protocol ieee

bridge 1 route ip

New Member

Re: Problem With VPN Client Config on 857W

i do not see a "set peer" under your crypto map, if that is the question you are asking