Cisco Support Community

ISAKMP Client Configuration - Multiple on same IOS Router

Currently working towards switching our users from existing client configuration to a new configuration. This is a general security change, so would like to have the new and existing active as we work towards moving users over. Once the move is complete, we will remove the existing.

Added the configuration for the second one, but the client goes to "not connected" after the authentication phase. Any help would be appreciated:

Configs Below.

Current
------
aaa authorization network CURRENT local
!
crypto isakmp client configuration group CURRENT
   key <removed>
   dns 10.10.10.1 10.96.17.2
   wins 10.10.10.1 10.96.17.2
   domain mydomain.com
   pool RAPOOL
   acl SPLIT
   save-password
   split-dns mydomain.com
   netmask 255.255.255.0
!
crypto isakmp profile USERS
   match identity group CURRENT
   client authentication list DOMAIN
   isakmp authorization list CURRENT
   client configuration address respond
   keepalive 300 retry 5
!
crypto dynamic-map dynmap 1
   set transform-set AES128
   set isakmp-profile USERS

New
-----
aaa authorization network NEW local
!
crypto isakmp client configuration group NEW
   key <removed>
   dns 10.10.10.1 10.96.17.2
   wins 10.10.10.1 10.96.17.2
   domain mydomain.com
   pool RAPOOL
   acl SPLIT
   save-password
   split-dns mydomain.com
   netmask 255.255.255.0
!
crypto isakmp profile USERS
   match identity group NEW
   client authentication list DOMAIN
   isakmp authorization list NEW
   client configuration address respond
   keepalive 300 retry 5
