Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
601
Views
0
Helpful
2
Replies

VPN Client and 1811

Go to solution
vaba
Level 1
Level 1

‎05-31-2007 06:15 AM

i try to connect to my router Cisco1811 whit Cisco VPN Client 4.8 whit rsa-sig(certificate). On Cisco VPN Client i resive request for username i pass. When i insert them on the 1811 i resive this mesage on console

%CRYPTO-6-VPN_TUNNEL_STATUS: Group: does not exist

My ios config is:

aaa new-model

!

!

aaa authentication login VPNUSER local

aaa authorization network VPNUSER local

!

aaa session-id common

!

resource policy

!

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.10.1

!

ip dhcp pool sdm-pool

import all

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

lease 0 2

!

!

no ip domain lookup

ip domain name yourdomain.com

!

! crypto pki token default user-pin ******

crypto pki token default removal timeout 30

!

crypto pki trustpoint TP-self-signed-2095781077

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2095781077

revocation-check none

rsakeypair TP-self-signed-2095781077

!

crypto pki trustpoint CA_Server

enrollment terminal

serial-number none

fqdn none

ip-address none

password

subject-name O=5100, OU=Customs, CN=Router1

revocation-check none

rsakeypair SDM-RSAKey-1180596453000

!

!

crypto pki certificate chain TP-self-signed-2095781077

crypto pki certificate chain CA_Server

!

crypto isakmp policy 10

encr 3des

group 2

crypto isakmp identity dn

!

crypto isakmp client configuration group guest_group

dns 10.1.1.3

pool vpnpool

!

!

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set ESP-3DES-MD5

!

!

crypto map vpn_map client authentication list VPNUSER

crypto map vpn_map isakmp authorization list VPNUSER

crypto map vpn_map client configuration address initiate

crypto map vpn_map client configuration address respond

crypto map vpn_map 10 ipsec-isakmp dynamic dynmap

!

What can i do

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ggilbert
Cisco Employee
Cisco Employee

‎05-31-2007 08:53 AM

What is the OU on the certificate that you have for the client?

is it guest_group or something else?

Thanks

Gilbert

View solution in original post

0 Helpful
2 Replies 2

Go to solution
ggilbert
Cisco Employee
Cisco Employee

‎05-31-2007 08:53 AM

What is the OU on the certificate that you have for the client?

is it guest_group or something else?

Thanks

Gilbert

0 Helpful

Go to solution
vaba
Level 1
Level 1
In response to ggilbert

‎05-31-2007 09:33 PM

10x it`s work

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents