Re: Can not connect to Easy VPN Server << Fix it

From: Hai Minh (minhlth@ipmac.com.vn)
Date: Tue Nov 01 2005 - 02:46:25 GMT-3


Hi group,

Thank you all for reading my question. I made a big mistake by using
user/pass instead of group_name/key to configure Group Authentication in the
VPN Client. This is the first time I have configured a VPN and I didn't clearly
understand some steps in configuring Easy VPN Server (I think Cisco should change
its name to Complex VPN Server). But it is OK now with all of your help.

Thanks again.
Hai Minh

  ----- Original Message -----
  From: Vazman
  To: Hai Minh
  Cc: ccielab@groupstudy.com
  Sent: Tuesday, November 01, 2005 12:18 PM
  Subject: Re: Can not connect to Easy VPN Server

  I think you are missing the acl to define what traffic to encrypt. It goes
  under "crypto isakmp client configuration group send2user". Check out the Easy
  VPN server sample in 12.3 new features.

  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ftunity.htm#wp1191206

  HTH

  On 10/31/05, Hai Minh <minhlth@ipmac.com.vn> wrote:
    Hi group,

    I ran into a problem when connecting to the VPN Server. I configured Easy VPN
    Server on a 2610 router with IOS "c2600-ik9o3s3-mz.123-15b.bin". But when I
    connect from the VPN Client (ver 4.6), it always drops with the message
    "Error 412 : the remote peer is no longer responding". On the router, it
    shows the message "%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive
    mode failed with peer at 192.168.1.25".

    I turned off the firewall on my PC but it's still unable to connect. I am
    posting the configuration of my router here. Does anyone know how to fix this
    problem?

    Thanks
    Hai Minh

    -------------------------
    hostname R4
    !
    enable secret 5 $1$SxtF$u82/dO1i0RmtpMKM9YB900
    !
    aaa new-model
    !
    aaa authentication login authen_user local
    aaa authorization network author_user local
    aaa session-id common
    !
    username cisco password 0 cisco
    !
    crypto isakmp policy 10
     authentication pre-share
     group 2
    crypto isakmp keepalive 60 10
    crypto isakmp xauth timeout 20
    !
    crypto isakmp client configuration group send2user
     key cisco
     dns 192.168.1.154
     wins 192.168.1.154
     domain abc.com
     pool remote-pool
    !
    !
    crypto ipsec transform-set vpn-transform esp-des esp-sha-hmac
    !
    crypto dynamic-map dynmap 10
     set transform-set vpn-transform
     reverse-route
    !
    !
    crypto map dynmap client authentication list authen_user
    crypto map dynmap isakmp authorization list author_user
    crypto map dynmap client configuration address respond
    crypto map dynmap 10 ipsec-isakmp dynamic dynmap
    !
    interface Ethernet0/0
     ip address 192.168.1.24 255.255.255.0
     half-duplex
     crypto map dynmap
    !
    ip local pool remote-pool 100.0.0.10 100.0.0.20

    _______________________________________________________________________
    Subscription information may be found at:
    http://www.groupstudy.com/list/CCIELab.html
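
Added example (not part of the original thread and not Cisco code): a Python check that reads an Easy VPN Server configuration like the one posted and separates the two credential sets the thread confuses, the group name/key used for Group Authentication and the local username used at the Xauth prompt, and also reports a group with no acl line, the item raised in Vazman's reply. The function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the relevant lines from the posted config.
SAMPLE_CONFIG = """\
username cisco password 0 cisco
crypto isakmp client configuration group send2user
 key cisco
 dns 192.168.1.154
 pool remote-pool
crypto map dynmap client authentication list authen_user
"""

def parse_easy_vpn(config):
    """Return {'groups': {name: {subcommand: value}}, 'users': [names]}."""
    groups, users, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"crypto isakmp client configuration group (\S+)$", line)
        if m:  # enter the group sub-mode
            current = groups.setdefault(m.group(1), {})
            continue
        m = re.match(r"username (\S+) ", line)
        if m:  # local account, used for Xauth via the login list
            users.append(m.group(1))
            current = None
            continue
        m = re.match(r"(key|acl|pool|dns|wins|domain) (.+)$", line)
        if current is not None and m:
            current[m.group(1)] = m.group(2)
        else:
            current = None  # any other command ends the group sub-mode
    return {"groups": groups, "users": users}

def client_checklist(config):
    """List which router values belong in which VPN Client field."""
    parsed, notes = parse_easy_vpn(config), []
    for name, sub in parsed["groups"].items():
        if "key" in sub:  # the key value itself is deliberately not echoed
            notes.append(f"Group Authentication: Name={name}, Password=<key of group {name}>")
        else:
            notes.append(f"group {name}: no key configured")
        if "acl" not in sub:
            notes.append(f"group {name}: no acl line")
    for user in parsed["users"]:
        notes.append(f"Xauth prompt: Username={user}")
    return notes
```

Calling `client_checklist()` on a saved copy of the router configuration returns the list of notes as strings.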



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:04 GMT-3