Cisco Support Community

Cisco with site-to-site and EzVPN

This is my first time working with a Cisco router.

My configuration is described below, where:

Cisco Srv is a Cisco 7200 Series router

XYZ is a VPN server running on Linux

RAC is the Remote Access VPN Client

|   RAC     |-----> |   XYZ     | ===== | Cisco Srv |

I managed to get the RAC configuration from the Cisco Product Summary guide.

For the dynamic site-to-site, I went through the document to figure out the configuration.

I have combined these configurations into one and applied them on the Cisco Srv.

I can individually create a tunnel between Cisco Srv and RAC, and also between Cisco Srv and XYZ, with the configuration mentioned below.

But when the tunnel between Cisco Srv and XYZ is established, I can't create a tunnel with RAC from Cisco Srv.

The RAC to Cisco Srv tunnel is broken when the XYZ to Cisco Srv tunnel is established.

But I could see that the ISAKMP packets are received by the Cisco Srv. But it is not acknowledging them.

Please let me know where I went wrong.

Thanks in advance.

The configuration for the Cisco Srv:

no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service internal
hostname Cisco7200
aaa new-model
aaa authorization network hw-client-groupname local
aaa session-id common
enable password cisco
memory-size iomem 16
clock timezone - 0 6
ip subnet-zero
no ip source-route
ip domain-name
ip audit notify log
ip audit po max-events 100
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local dynpool
crypto isakmp client configuration group hw-client-groupname
 key hw-client-password
 pool dynpool

crypto isakmp profile VPNclient
 description VPN clients profile
 match identity group hw-client-groupname
 isakmp authorization list hw-client-groupname
 client configuration address respond

crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
crypto dynamic-map vpnclient 1
 set transform-set transform-1
 set isakmp-profile VPNclient
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2

crypto isakmp key somestrongkey address

crypto ipsec transform-set ts esp-aes 256 esp-sha-hmac

ip access-list extended vpn
 deny ip
 permit ip any
crypto dynamic-map vpndynamic 10
 set transform-set ts
 match address vpn

crypto map dynmap 1 ipsec-isakmp dynamic vpnclient
crypto map dynmap 10 ipsec-isakmp dynamic vpndynamic

interface FastEthernet1/0
 ip addr
 no shutdown
 crypto map dynmap
 no cdp enable
interface f1/1
 description connected to HQ LAN
 ip address
 no shutdown
 speed auto
 no cdp enable

ip local pool dynpool
ip classless
ip route
no ip http server
ip pim bidir-enable
no cdp run
line con 0
line aux 0
line vty 0 4
 password cisco
