02-18-2009 04:07 AM
Hi,
I am unable to connect to the VPN gateway through the VPN Client. The configuration is as follows.
username manju password 0 cisco
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
!
crypto isakmp client configuration group vpnclient
key airtel@123
domain netsol.com
pool ippool
acl splitremote
!
!
crypto ipsec transform-set myairtel ah-md5-hmac esp-3des
!
crypto dynamic-map dynmap 10
set transform-set myairtel
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
ip address 10.11.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Loopback1
ip address 172.16.10.1 255.255.255.0
!
interface Loopback2
ip address 172.16.20.1 255.255.255.0
!
interface Loopback3
ip address 172.16.30.1 255.255.255.0
!
interface Loopback4
ip address 172.16.40.1 255.255.255.0
!
interface Loopback5
ip address 172.16.50.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.97.37.252 255.255.255.0
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
no mop enabled
crypto map clientmap
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.97.38.1 255.255.255.0
!
interface Serial0/0/0
description PE40-AIRTEL-NOC [10.20.30.2/29]
ip address 172.26.16.14 255.255.255.0
clock rate 2000000
!
interface Serial0/0/1
ip address 20.20.20.1 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 20.20.20.2 100 broadcast
frame-relay lmi-type ansi
!
interface Serial0/1/0
ip address 172.26.16.14 255.255.255.0
!
interface Serial0/1/1
ip address 192.168.10.1 255.255.255.0
!
router eigrp 10
redistribute static
network 10.0.0.0
network 172.16.0.0
network 172.26.0.0
network 192.168.10.0
no auto-summary
!
ip local pool ippool 192.168.1.1 192.168.1.2
ip route 0.0.0.0 0.0.0.0 10.97.37.254
!
!
02-18-2009 01:08 PM
Can you get the debug crypto isakmp from your router when you are trying to connect?
02-18-2009 10:51 PM
02-19-2009 07:55 AM
OK, I see what you are missing. Try changing the DH group of the isakmp policy to 2 instead of 1, which is what you have right now:
crypto isakmp policy 1
encr 3des
authentication pre-share
It should look like this:
crypto isakmp policy 1
encr 3des
group 2
authentication pre-share
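An added example, not part of the original thread: a small Python check that reads a router configuration and reports the effective DH group of each ISAKMP policy, so a policy with no group line (as in the first post) is flagged before a client tries to connect. The function names and the DEFAULTS table are assumptions of this example; the defaults follow the answer above, which treats a policy without a group line as DH group 1.

```python
import re

# Values a policy falls back to when the line is omitted (assumption: classic
# IOS defaults; the answer above relies on the group default being 1).
DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}
POLICY_KEYS = {"encr", "hash", "authentication", "group", "lifetime"}

# Constructed sample input: the policy from the first post (flattened, as it
# appears on the page) followed by the next top-level command.
BEFORE = """\
crypto isakmp policy 1
encr 3des
authentication pre-share
!
crypto isakmp client configuration group vpnclient
pool ippool
"""
# The corrected policy from the answer: same block with "group 2" added.
AFTER = BEFORE.replace("encr 3des\n", "encr 3des\ngroup 2\n")


def isakmp_policies(config):
    """Return {priority: effective settings} for every 'crypto isakmp policy N'."""
    policies, current = {}, None
    for raw in config.splitlines():
        parts = raw.split()
        header = re.fullmatch(r"crypto isakmp policy (\d+)", " ".join(parts))
        if header:
            current = policies.setdefault(int(header.group(1)), dict(DEFAULTS))
            continue
        # "encryption" is the long form of "encr"; normalise it.
        key = {"encryption": "encr"}.get(parts[0], parts[0]) if parts else ""
        if current is not None and key in POLICY_KEYS:
            current[key] = " ".join(parts[1:])
        else:
            current = None  # "!" or any other command closes the policy block
    return policies


def policies_missing_group(config, required="2"):
    """Priorities of policies whose effective DH group differs from `required`."""
    found = isakmp_policies(config)
    return [prio for prio in sorted(found) if found[prio]["group"] != required]


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, isakmp_policies(cfg), "missing group 2:", policies_missing_group(cfg))
```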