Re: Easy VPN with profiles

From: quiet blue (quietb@gmail.com)
Date: Wed May 09 2007 - 10:31:57 ART

• Next message: Edison Ortiz: "Re: dot1x & Guest VLAN"
• Previous message: John Gibson: "Re: Why not CBWFQ in switches ?"
• Maybe in reply to: Edward Norton: "Easy VPN with profiles"
• Next in thread: Edward Norton: "Re: Easy VPN with profiles"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I didn't see your have aaa configured, you need to define AAA list EZVPN.

On 5/9/07, Edward Norton <doubleccie@yahoo.com> wrote:
>
> Guys
> I am trying to run easy vpn between two routers using ISAKMP profiles ,
> assume R2 is the client and R4 is the server ..here is my config
>
> R4
> ====
> username ccie privilege 15 password 0 ccie
> !
> crypto isakmp policy 100
> encr 3des
> hash md5
> authentication pre-share
> group 2
> !
> crypto isakmp client configuration group EZVPN
> key ccie
> domain cisco.com
> pool CCIEPOOL
> !
> crypto isakmp profile EZVPN
> match identity group EZVPN
> client authentication list EZVPN
> isakmp authorization list EZVPN
> !
> !
> crypto ipsec transform-set TSET1 esp-3des esp-md5-hmac
> !
> crypto dynamic-map EZVPN 100
> set transform-set TSET1
> set isakmp-profile EZVPN
> reverse-route
> !
> !
> crypto map EZVPN 100 ipsec-isakmp dynamic EZVPN
> !
> !
> !
> interface Ethernet0/0
> ip address 20.1.1.4 255.255.255.0
> crypto map EZVPN
> !
> ip local pool CCIEPOOL 4.4.200.30 4.4.200.40
> !
>
>
> on the client R2 , configuration is
>
>
>
>
> !
> crypto ipsec client ezvpn EZVPN
> connect auto
> group EZVPN key ccie
> mode client
> peer 20.1.1.4
> !
> !
> !
> !
> interface FastEthernet0/0
> ip address 20.1.1.2 255.255.255.0
> crypto ipsec client ezvpn EZVPN
> !
> !
> interface FastEthernet0/1
> ip address 20.1.23.2 255.255.255.0
> crypto ipsec client ezvpn EZVPN inside
> !
> =============================
>
>
>
> R2 ask me for username and password which i provide ..however i keep
> getting the following message on R2
>
> A pre-shared key for address mask 20.1.1.4 255.255.255.255 already exists
>
>
> and of course the tunnel does not come up ..have anyone faced similar
> problem before ?? ..what is that supposed to mean
>
>
>
> thanks
>
>
>
>
> ---------------------------------
> Ahhh...imagining that irresistible "new car" smell?
> Check outnew cars at Yahoo! Autos.

• Next message: Edison Ortiz: "Re: dot1x & Guest VLAN"
• Previous message: John Gibson: "Re: Why not CBWFQ in switches ?"
• Maybe in reply to: Edward Norton: "Easy VPN with profiles"
• Next in thread: Edward Norton: "Re: Easy VPN with profiles"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:20 ART