Hi,
The config should works fine. Do you try to connect using VPN Client or
router as EasyVPN Client?
btw: you asked some time ago how to change the subnet mask on the client.
The answer is: using "netmask" command under "crypto isakmp client
configuration group".
Regards,
--
Piotr Matusiak
CCIE #19860 (R&S, SEC)
Technical Instructor
MicronicsTraining.com
�If you can't explain it simply, you don't understand it well enough� -
Albert Einstein
2009/10/20 abderrahim sadki <a_sadki1_at_hotmail.com>
> anyone?
>
> > From: a_sadki1_at_hotmail.com
> > To: ccielab_at_groupstudy.com
> > Subject: vpm mystery
> > Date: Tue, 20 Oct 2009 18:13:13 +0000
> >
> > Hi,
> >
> >
> > I configured a router to establish a vpn tunnel with a cisco vpn
> client..
> > Everything was fine..could connect and stuff..
> >
> > I saved my config, copy and pasted it and it wrong work anymore...on the
> same
> > device!!!
> >
> > after doing a " debug crypto isakmp error" I get these when trying to
> connect
> > again
> >
> > ISAKMP: atts are not acceptable . Next payload is 3 Encryption
> algorithm
> > offered does not match policy.
> >
> >
> >
> > ..here is my config
> >
> >
> > !
> > aaa new-model
> > !
> > !
> > aaa authentication login default local
> > aaa authentication login test none
> > aaa authorization exec default local
> > aaa authorization network sdm_vpn_group_ml_1 local
> > aaa authorization reverse-access test none
> > aaa session-id common
> >
> > !
> >
> > !
> > username vpn password 0 xxxxx
> >
> > !
> > !
> > !
> > crypto isakmp policy 1
> > encr 3des
> > authentication pre-share
> > group 2
> > !
> > crypto isakmp policy 3
> > encr 3des
> > group 2
> > !
> > crypto isakmp client configuration group WG1_1
> > key juniper
> > pool SDM_POOL_1
> > acl 101
> > !
> > !
> > crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
> > !
> > crypto dynamic-map SDM_DYNMAP_1 1
> > set transform-set ESP-3DES-SHA
> > reverse-route
> > !
> > !
> > crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
> > crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
> > crypto map SDM_CMAP_1 client configuration address respond
> > crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
> > !
> > !
> > access-list 101 permit ip any any
> > !
> > ip local pool SDM_POOL_1 10.1.1.5
> > !
> >
> >
> > any idea? Thanks in advance
> >
> > Abderahim
> > _________________________________________________________________
> > Windows Live: Friends get your Flickr, Yelp, and Digg updates when they
> e-mail
> > you.
> >
>
>
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci
> >
> al-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
> _________________________________________________________________
> Windows Live: Make it easier for your friends to see what you re up to on
> Facebook.
>
>
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci
>
al-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009<ht
tp://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci%0
Aal-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Oct 20 2009 - 22:36:31 ART