Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn client 3.6 establish ipsec channel with center router

I have a 7206VXR with IOS 12.2.15t and clients with vpn client 3.6.

The clients will try to establish ipsec channel with 7206 through Internet.

But I am not doing well. The SA could not establish and the output of

"debug crypto isakmp" advised that IKE phase 1 failed because of attibutes

not being accepted.

I don't know why and I would like your advice.

Please see the config of 7206 as follow.

aaa new-model

aaa authentication login xauth_list local

enable password <>


username <> password <>


crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration group clients

key 1234567

pool mypool


crypto ipsec transform-set mypolicy esp-3des esp-md5-hmac


crypto dynamic-map dyna 10

set transform-set mypolicy


crypto map test client authentication list xauth_list

crypto map test client configuration address respond

crypto map test 10 ipsec-isakmp dynamic dyna


controller ISA 4/1


interface FastEthernet1/0

ip address 202.x.x.x

no ip route-cache

no ip mroute-cache

duplex half

crypto map test


interface FastEthernet2/0

ip address secondary

ip address

no ip route-cache

no ip mroute-cache

duplex half


ip local pool mypool

ip classless

ip route 202.x.x.x

no ip http server


Re: vpn client 3.6 establish ipsec channel with center router


please attach the crypto debugs, does rebooting the router(with or without taking the crypto configuration off ) help?



CreatePlease login to create content