Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

vpn client 3.0.1 not able to connect to router 3640(configuration below)

I have installed vpn client 3.0.1 in windows 2000 proffesional pc and trying to make a secure connection to a cisco 3640 vpn enabled router IOs 12.2(8) .when i try to connect i get message"Failed to establish a secure connection to the security gateway."

My configuration is as below

!

crypto isakmp policy 20

encr 3des

hash md5

authentication pre-share

group 2

!

crypto isakmp client configuration group 3000client

key cisco123

pool ourpool

!

crypto ipsec transform-set vpnclient esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set vpnclient

!

crypto map combined client configuration address initiate

crypto map combined client configuration address respond

!

crypto map combined 40 ipsec-isakmp dynamic dynmap

!

ip local pool ourpool 10.2.1.1 10.2.1.254

!

Any help would be highhly appreciated.

Thanks for fast responce

2 REPLIES
Cisco Employee

Re: vpn client 3.0.1 not able to connect to router 3640(configur

You're missing the authentication/authorization part of the confguration. Add the following:

> aaa new-model

> aaa authentication login userauthen group local

> aaa authorization network groupauthor local

> crypto map combined client authentication list userauthen

> crypto map combined isakmp authorization list groupauthor

Make sure the crypto map is applied to the outside interface.

See http://www.cisco.com/warp/public/480/ipsec-ios-tacacs.html for an example. Note this does TACACS user authentication, what I've shown above will do local user authentication, so you'll need to add:

> username password

commands onto the router for each user also.

New Member

Re: vpn client 3.0.1 not able to connect to router 3640(configur

Hi gfullage,

thanks for the reply.Now I am able to get a connection to the secure gateway.So the authentication is a important part in this configurtation.

tanweer@mdsuae.co.ae

85
Views
0
Helpful
2
Replies
CreatePlease to create content