From: Edward Norton (doubleccie@yahoo.com)
Date: Wed May 09 2007 - 09:03:09 ART
Guys
I am trying to run easy vpn between two routers using ISAKMP profiles , assume R2 is the client and R4 is the server ..here is my config
R4
====
username ccie privilege 15 password 0 ccie
!
crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group EZVPN
key ccie
domain cisco.com
pool CCIEPOOL
!
crypto isakmp profile EZVPN
match identity group EZVPN
client authentication list EZVPN
isakmp authorization list EZVPN
!
!
crypto ipsec transform-set TSET1 esp-3des esp-md5-hmac
!
crypto dynamic-map EZVPN 100
set transform-set TSET1
set isakmp-profile EZVPN
reverse-route
!
!
crypto map EZVPN 100 ipsec-isakmp dynamic EZVPN
!
!
!
interface Ethernet0/0
ip address 20.1.1.4 255.255.255.0
crypto map EZVPN
!
ip local pool CCIEPOOL 4.4.200.30 4.4.200.40
!
on the client R2 , configuration is
!
crypto ipsec client ezvpn EZVPN
connect auto
group EZVPN key ccie
mode client
peer 20.1.1.4
!
!
!
!
interface FastEthernet0/0
ip address 20.1.1.2 255.255.255.0
crypto ipsec client ezvpn EZVPN
!
!
interface FastEthernet0/1
ip address 20.1.23.2 255.255.255.0
crypto ipsec client ezvpn EZVPN inside
!
=============================
R2 ask me for username and password which i provide ..however i keep getting the following message on R2
A pre-shared key for address mask 20.1.1.4 255.255.255.255 already exists
and of course the tunnel does not come up ..have anyone faced similar problem before ?? ..what is that supposed to mean
thanks
---------------------------------
Ahhh...imagining that irresistible "new car" smell?
Check outnew cars at Yahoo! Autos.
This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:20 ART