Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn client 3.6 establish ipsec channel with center router

I have a 7206VXR with IOS 12.2.15t and clients with vpn client 3.6.

The clients will try to establish ipsec channel with 7206 through Internet.

But I am not doing well. The SA could not establish and the output of

"debug crypto isakmp" advised that IKE phase 1 failed because of attibutes

not being accepted.

I don't know why and I would like your advice.

Please see the config of 7206 as follow.

aaa new-model

aaa authentication login xauth_list local

enable password <>

!

username <> password <>

!

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration group clients

key 1234567

pool mypool

!

crypto ipsec transform-set mypolicy esp-3des esp-md5-hmac

!

crypto dynamic-map dyna 10

set transform-set mypolicy

!

crypto map test client authentication list xauth_list

crypto map test client configuration address respond

crypto map test 10 ipsec-isakmp dynamic dyna

!

controller ISA 4/1

!

interface FastEthernet1/0

ip address 202.x.x.x 255.255.255.0

no ip route-cache

no ip mroute-cache

duplex half

crypto map test

!

interface FastEthernet2/0

ip address 172.16.1.254 255.255.255.0 secondary

ip address 172.16.2.254 255.255.255.0

no ip route-cache

no ip mroute-cache

duplex half

!

ip local pool mypool 172.16.1.1 172.16.1.253

ip classless

ip route 0.0.0.0 0.0.0.0 202.x.x.x

no ip http server

1 REPLY
Bronze

Re: vpn client 3.6 establish ipsec channel with center router

Hi,

please attach the crypto debugs, does rebooting the router(with or without taking the crypto configuration off ) help?

Thx

Afaq

96
Views
0
Helpful
1
Replies
CreatePlease login to create content