05-03-2012 02:41 PM
Hi,
I have issue with setting up c1841 router for vpn access. Below config is extracted from the running-config. Please also find attahed the debug log output.
crypto isakmp client configuration group vpn-group
key 128382671
dns 200.xx.xx.xxx
domain group.com
pool vpnpool
!
crypto ipsec security-association lifetime seconds 180
!
crypto ipsec transform-set myset ah-sha-hmac esp-des esp-md5-hmac
crypto ipsec transform-set yourset ah-md5-hmac esp-3des comp-lzs
!
crypto dynamic-map DYNMAP 10
set transform-set myset yourset
match address 101
reverse-route
!
!
crypto map CLIENTMAP local-address FastEthernet0/1
crypto map CLIENTMAP client authentication list AUTHEN-LIST
crypto map CLIENTMAP isakmp authorization list AUTHEN-LIST
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 10 ipsec-isakmp dynamic DYNMAP
!
Best Regards,
Ruveni
05-08-2012 03:22 PM
Hi Mate ,
a few comments if you don't mind :
1- did you confgure an isakmp policy with DH group 2 .
2- why you are using an access-list under the dynamic crypto map .
is it possible to attach the full config of the router ? the debugs are showing that we are not going beyond IKE first message as the router refuses the proposals offered by the client .
hope that hsi helps .
Mohammad.
05-08-2012 09:53 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: