Re: Easy VPN with profiles

From: Timothy McLaurin (tem2360@yahoo.com)
Date: Thu May 10 2007 - 07:24:37 ART

• Next message: Guyler, Rik: "RE: Dumb Trunking Question"
• Previous message: Bill Mckenzie: "RE: REcheck"
• Maybe in reply to: Edward Norton: "Easy VPN with profiles"
• Next in thread: Keshav Anand: "Re: Easy VPN with profiles"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Maybe this is because you are calling your profile again in the Dynamic Map? I have a working configuration that doesn't have the set isakmp-profile EZVPN in the dynamic-map. If you take that out what happens? Also what I see missing in your set up that differs from mine.
   
  Also I would throw in client configuration address respond to your profile. Maybe that'll help?
   
  
Edward Norton <doubleccie@yahoo.com> wrote:
  Guys
I am trying to run easy vpn between two routers using ISAKMP profiles , assume R2 is the client and R4 is the server ..here is my config

R4
====
username ccie privilege 15 password 0 ccie
!
crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group EZVPN
key ccie
domain cisco.com
pool CCIEPOOL
!
crypto isakmp profile EZVPN
match identity group EZVPN
client authentication list EZVPN
isakmp authorization list EZVPN
!
!
crypto ipsec transform-set TSET1 esp-3des esp-md5-hmac
!
crypto dynamic-map EZVPN 100
set transform-set TSET1
set isakmp-profile EZVPN
reverse-route
!
!
crypto map EZVPN 100 ipsec-isakmp dynamic EZVPN
!
!
!
interface Ethernet0/0
ip address 20.1.1.4 255.255.255.0
crypto map EZVPN
!
ip local pool CCIEPOOL 4.4.200.30 4.4.200.40
!

on the client R2 , configuration is

!
crypto ipsec client ezvpn EZVPN
connect auto
group EZVPN key ccie
mode client
peer 20.1.1.4
!
!
!
!
interface FastEthernet0/0
ip address 20.1.1.2 255.255.255.0
crypto ipsec client ezvpn EZVPN
!
!
interface FastEthernet0/1
ip address 20.1.23.2 255.255.255.0
crypto ipsec client ezvpn EZVPN inside
!
=============================

R2 ask me for username and password which i provide ..however i keep getting the following message on R2

A pre-shared key for address mask 20.1.1.4 255.255.255.255 already exists

and of course the tunnel does not come up ..have anyone faced similar problem before ?? ..what is that supposed to mean

thanks

---------------------------------
Ahhh...imagining that irresistible "new car" smell?
Check outnew cars at Yahoo! Autos.

       
---------------------------------
Ahhh...imagining that irresistible "new car" smell?
 Check outnew cars at Yahoo! Autos.

• Next message: Guyler, Rik: "RE: Dumb Trunking Question"
• Previous message: Bill Mckenzie: "RE: REcheck"
• Maybe in reply to: Edward Norton: "Easy VPN with profiles"
• Next in thread: Keshav Anand: "Re: Easy VPN with profiles"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:20 ART