Re: Easy VPN with profiles

From: Edward Norton (doubleccie@yahoo.com)
Date: Wed May 09 2007 - 12:22:12 ART


Ok ..weird thing happened ..after some time of repeatedly entering the username and password of the group ..the tunnel came up.

  Now my question is: assume I configure split tunneling on the server side ..is that supposed to update the routing table on the client side?

  And how can I verify whether my client got an IP address from the server or not?

  Appreciate any input
  

Edward Norton <doubleccie@yahoo.com> wrote:
  These two commands are also on R4 ..just missed them

aaa authentication login EZVPN local
aaa authorization network EZVPN local

quiet blue wrote:
I didn't see that you have AAA configured; you need to define the AAA list EZVPN.

On 5/9/07, Edward Norton wrote:
Guys,
I am trying to run Easy VPN between two routers using ISAKMP profiles. Assume R2 is the client and R4 is the server ..here is my config

R4
====
username ccie privilege 15 password 0 ccie
!
crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group EZVPN
key ccie
domain cisco.com
pool CCIEPOOL
!
crypto isakmp profile EZVPN
match identity group EZVPN
client authentication list EZVPN
isakmp authorization list EZVPN
!
!
crypto ipsec transform-set TSET1 esp-3des esp-md5-hmac
!
crypto dynamic-map EZVPN 100
set transform-set TSET1
set isakmp-profile EZVPN
reverse-route
!
!
crypto map EZVPN 100 ipsec-isakmp dynamic EZVPN
!
!
!
interface Ethernet0/0
ip address 20.1.1.4 255.255.255.0
crypto map EZVPN
!
ip local pool CCIEPOOL 4.4.200.30 4.4.200.40
!

On the client R2, the configuration is

!
crypto ipsec client ezvpn EZVPN
connect auto
group EZVPN key ccie
mode client
peer 20.1.1.4
!
!
!
!
interface FastEthernet0/0
ip address 20.1.1.2 255.255.255.0
crypto ipsec client ezvpn EZVPN
!
!
interface FastEthernet0/1
ip address 20.1.23.2 255.255.255.0
crypto ipsec client ezvpn EZVPN inside
!
=============================

R2 asks me for a username and password, which I provide ..however I keep getting the following message on R2

A pre-shared key for address mask 20.1.1.4 255.255.255.255 already exists

and of course the tunnel does not come up ..has anyone faced a similar problem before? ..what is that supposed to mean

thanks




This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:20 ART