I have a site-to-site VPN currently in place. I am using a 2600 on my side. I now need to get remote access for home users implemented. I am getting error: 412: Secure VPN terminated by locally by client. Remote peer no longer responding.
Below is my config.
Current configuration : 3940 bytes
service timestamps debug datetime msec
service timestamps log datetime msec
logging queue-limit 100
no logging console
enable secret xxx
enable password xxxx
username ***** password xxxx
memory-size iomem 15
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
no ip source-route
ip inspect name scpa udp
ip audit notify log
ip audit po max-events 100
crypto isakmp policy 1
crypto isakmp policy 2
crypto isakmp key ********* address 128..x.x.x
crypto isakmp client configuration group sriclient
First things first, I strongly suggest you change your key under the VPN group (key sriremote), since you have pasted your group name and password, and the IP address of your router in here. All someone has to do is guess the local username you have configured on this router (the password is easy to find) and they'll be into your network.
I think the problem here is your access-list 101 is not allowing these packets in. Try taking it off the interface temporarily and try a client connection. If it works then we know that's the problem.
To allow VPN clients in you'll have to add something like the following:
access-list 101 permit udp any host 220.127.116.11 eq isakmp
access-list 101 permit esp any host 18.104.22.168
and just in case the client and router negotiate UDP encapsulation (NAT-T):
access-list 101 permit udp any host 22.214.171.124 eq 4500
and also allow the unencrypted form of the traffic in:
access-list 101 permit ip 10.0.0.0 0.0.0.31 192.168.0.0 0.0.0.255
You have to specify "any" as the source address because you don't know the IP address of the VPN client.
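As an added example (not part of the reply above), this checks whether a numbered extended ACL admits the IKE, ESP and NAT-T traffic listed there, applying first-match order so that an earlier deny shadowing a later permit is reported. The function names, the sample ACL and the address 192.0.2.1 are constructed for illustration, and only `eq` port matches are parsed.

```python
import ipaddress
import re

# Inbound traffic the outside ACL must admit for IPsec remote access.
REQUIRED = {"IKE udp/500": ("udp", "500"),
            "ESP": ("esp", None),
            "NAT-T udp/4500": ("udp", "4500")}
PORT_NAMES = {"isakmp": "500", "non500-isakmp": "4500"}  # IOS port keywords
ADDR = r"any|host\s+\S+|\S+\s+\S+"
ACL_RE = re.compile(
    r"access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    rf"(?P<src>{ADDR})\s+(?P<dst>{ADDR})(?:\s+eq\s+(?P<port>\S+))?$")

def covers(spec, ip):
    """True if an ACL address spec (any | host A | A WILDCARD) covers ip."""
    parts = spec.split()
    if parts == ["any"]:
        return True
    if parts[0] == "host":
        return parts[1] == ip
    base, wild = (int(ipaddress.IPv4Address(p)) for p in parts)
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF == 0

def audit(config, acl_num, outside_ip):
    """Map each requirement to permit / deny / implicit deny (first match wins)."""
    entries = [m.groupdict() for line in config.splitlines()
               if (m := ACL_RE.match(line.strip())) and m["num"] == acl_num]
    result = {}
    for name, (proto, port) in REQUIRED.items():
        result[name] = "implicit deny"  # nothing matched: the ACL's final deny
        for e in entries:
            eport = PORT_NAMES.get(e["port"], e["port"])
            # Simplification: only source "any" entries count (client IP unknown).
            if (e["proto"] in (proto, "ip") and e["src"] == "any"
                    and covers(e["dst"], outside_ip) and eport in (None, port)):
                result[name] = e["action"]
                break
    return result

# Constructed sample: 192.0.2.1 stands in for the router's outside address.
SAMPLE = """
access-list 101 permit udp any host 192.0.2.1 eq isakmp
access-list 101 permit esp any host 192.0.2.1
access-list 101 deny   udp any any
access-list 101 permit udp any host 192.0.2.1 eq 4500
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "101", "192.0.2.1"))
```

On the constructed sample, IKE and ESP are permitted but NAT-T is denied, because the broad `deny udp any any` sits above the port 4500 permit.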