Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

vpn client

Mar  1 09:23:12.295: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 201.70.32.102

This is the config of router:

Router#sh run
Building configuration...

Current configuration : 1772 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
  hash md5
  authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local ourpool
!
!
crypto ipsec transform-set trans1 esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
  set transform-set trans1
!
!
crypto map intmap client configuration address initiate
crypto map intmap client configuration address respond
crypto map intmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
  ip address 201.70.32.101 255.255.255.0
  ip nat outside
  ip virtual-reassembly
  no ip route-cache cef
  no ip route-cache
  no ip mroute-cache
  duplex auto
  speed auto
  crypto map intmap
!
interface Serial0/0
  no ip address
  shutdown
  no fair-queue
  clock rate 2000000
!
interface FastEthernet0/1
  ip address 10.2.2.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
!
interface Serial0/1
  no ip address
  shutdown
  clock rate 2000000
!
ip local pool ourpool 10.2.1.1 10.2.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 201.70.32.1
!
ip http server
no ip http secure-server
ip nat pool outsidepool 201.70.32.150 201.70.32.160 netmask 255.255.255.0
ip nat inside source route-map nonat pool outsidepool
!
access-list 101 deny   ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.2.2.0 0.0.0.255 any
route-map nonat permit 10
  match ip address 101
!
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
  password ww
  login
!
!
end

In the vpn client fields "name" and "password", i don't be sure that what i must configure. Someone can help me?

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: vpn client

Your router has not been fully configured for VPN client access.

Here is a sample configuration for your reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml

Cisco Employee

Re: vpn client

The bug is fixed in version 12.4(23a), and yes, 15.1(M1) also has the bug fix.

9 REPLIES
Cisco Employee

Re: vpn client

Your router has not been fully configured for VPN client access.

Here is a sample configuration for your reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml

Community Member

Re: vpn client

just what I needed. Thanks!!

Community Member

Re: vpn client

Hi all,

Ok, the VPN connection works and obtain an IP address  in the pool but this message appears. Can someone explain it properly?.

*Mar  1 10:21:23.375: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2002 local=172.18.124.159 remote=172.18.124.160 spi=E3FAB83D seqno=00000100

Thanks

Cisco Employee

Re: vpn client

Community Member

Re: vpn client

Oh,  sorry. I am not Registered Customers or partners  so that I can not prove it. Please explain what the  bug and if it can solve

Cisco Employee

Re: vpn client

What is the version of router? If it is in the affected version, then it is cosmetic only bug and does not have any functional impact.

You can upgrade the router to the version which is not impacted, however, it is cosmetic only as advised., so nothing to worry about (depending on the version of your router).

Community Member

Re: vpn client

Hi,

I'm doing tests with a 2691 Router and “c2691-advsecurityk9-mz.124-23.bin” IOS, but really I have to deploy it to a 2911 with “c2900-universalk9-mz.SPA.150-1.M1.bin” IOS.

Can you tell me if in the most current fix the bug?

Thanks

Cisco Employee

Re: vpn client

The bug is fixed in version 12.4(23a), and yes, 15.1(M1) also has the bug fix.

Community Member

Re: vpn client

Thanks!!!!!!!

866
Views
0
Helpful
9
Replies
CreatePlease to create content