Re: Can not connect to Easy VPN Server

From: Vazman (vazman@gmail.com)
Date: Tue Nov 01 2005 - 02:18:37 GMT-3

• Next message: Imal kalutotage: "Re: RE: Re: Frame-Relay fragmentation"
• Previous message: Ralph: "Re: RE: Re: Frame-Relay fragmentation"
• Maybe in reply to: Hai Minh: "Can not connect to Easy VPN Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think you are missing the acl to define what traffic to encrypt. It goes
under "crypto isakmp client configuration group send2user" Check out the
Easy VPN server sample in 12.3 new features.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t
/122t8/ftunity.htm#wp1191206

HTH
 On 10/31/05, Hai Minh <minhlth@ipmac.com.vn> wrote:
>
> Hi group,
>
> I catch a problem when connecting to VPN Server. I configure Easy VPN
> Server on a router 2610 with IOS "c2600-ik9o3s3-mz.123-15b.bin". But when
> I
> connect from VPN Client (ver 4.6), it always drop with the message "Error
> 412
> : the remote peer is no longer responding". On the router, it shows up a
> message "%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed
> with peer at 192.168.1.25 <http://192.168.1.25>"
> I turned off the firewall on my PC but it's still unable to connect. I
> post here the configuration of my router. Does anyone know how to fix this
> problem?
>
> Thanks
> Hai Minh
>
> -------------------------
> hostname R4
> !
> enable secret 5 $1$SxtF$u82/dO1i0RmtpMKM9YB900
> !
> aaa new-model
> !
> aaa authentication login authen_user local
> aaa authorization network author_user local
> aaa session-id common
>
> !
> username cisco password 0 cisco
> !
> crypto isakmp policy 10
> authentication pre-share
> group 2
> crypto isakmp keepalive 60 10
> crypto isakmp xauth timeout 20
> !
> crypto isakmp client configuration group send2user
> key cisco
> dns 192.168.1.154 <http://192.168.1.154>
> wins 192.168.1.154 <http://192.168.1.154>
> domain abc.com <http://abc.com>
> pool remote-pool
> !
> !
> crypto ipsec transform-set vpn-transform esp-des esp-sha-hmac
> !
> crypto dynamic-map dynmap 10
> set transform-set vpn-transform
> reverse-route
> !
> !
> crypto map dynmap client authentication list authen_user
> crypto map dynmap isakmp authorization list author_user
> crypto map dynmap client configuration address respond
> crypto map dynmap 10 ipsec-isakmp dynamic dynmap
> !
>
> interface Ethernet0/0
> ip address 192.168.1.24 <http://192.168.1.24>
255.255.255.0<http://255.255.255.0>
> half-duplex
> crypto map dynmap
> !
> ip local pool remote-pool 100.0.0.10 <http://100.0.0.10>
100.0.0.20<http://100.0.0.20>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Imal kalutotage: "Re: RE: Re: Frame-Relay fragmentation"
• Previous message: Ralph: "Re: RE: Re: Frame-Relay fragmentation"
• Maybe in reply to: Hai Minh: "Can not connect to Easy VPN Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:04 GMT-3