This is the first time for me to work with Cisco Router.
The below mentioned is my configuration where
Cisco Srv is Cisco 7200 Series Router
XYZ is one VPN Server running on Linux.
RAC is the Remote Access VPN Client
| RAC |-----> | XYZ | ===== | Cisco Srv |
I managed to get RAC configuration from Cisco Product Summary guide.
For the dynamic site-to-site i went through the document to figure out
I have combined these configuration into one and applied them on the Cisco Srv.
I can individually create a tunnel between Cisco Srv and RAC also between Cisco Srv and XYZ with this configuration mentioned below.
But when the tunnel between Cisco Srv and XYZ is established, i can't create a tunnel with RAC from Cisco Srv.
The RAC to Cisco Srv tunnel is broken when the XYZ to Cisco Srv tunnel is established.
But i could see the iskamp packets are received by the cisco srv. But it is not acknowledging that.
Please let me know where i went wrong.
Thanks in advance.
The configuration for the Cisco Srv:
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
aaa authorization network hw-client-groupname local
aaa session-id common
enable password cisco
memory-size iomem 16
clock timezone - 0 6
no ip source-route
ip domain-name cisco.com
ip audit notify log
ip audit po max-events 100
crypto isakmp policy 1
crypto isakmp client configuration address-pool local dynpool
crypto isakmp client configuration group hw-client-groupname
dns 184.108.40.206 220.127.116.11
wins 18.104.22.168 22.214.171.124
crypto isakm profile VPNclient
description VPN clients profile
match identity group hw-client-groupname
isakmp authorization list hw-client-groupname
client configuration address respond
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
crypto dynamic-map vpnclient 1
set transform-set transform-1
set isakmp-profile VPNclient
crypto isakmp policy 10
encr aes 256
crypto isakmp key somestrongkey address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ts esp-aes 256 esp-sha-hmac
ip access-list extended vpn
deny ip 192.168.1.22 255.255.255.255 126.96.36.199 255.255.255.0
permit ip 192.168.1.22 255.255.255.225 any
crypto dynamic-map vpndynamic 10
set transform-set ts
match address vpn
crypto map dynmap 1 ipsec-isakmp dynamic vpnclient
crypto map dynmap 10 ipsec-isakmp dynamic vpndynamic
ip addr 192.168.1.22 255.255.255.0
crypto map dynmap
no cdp enable
description connected to HQ LAN
ip address 188.8.131.52 255.255.255.0
no cdp enable
ip local pool dynpool 184.108.40.206 220.127.116.11
ip route 18.104.22.168 255.255.255.0 192.168.1.2
no ip http server
ip pim bidir-enable
no cdp run
line con 0
line aux 0
line vty 0 4
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :