ezvpn doubt

From: imran ali <immrccie_at_gmail.com>
Date: Mon, 7 Feb 2011 12:27:32 +0300

Hi group,

Referring to the doc link
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/prod_white_paper0900aecd803645b5.html

I don't understand why the "crypto isakmp key 0 cisco123 address 0.0.0.0
0.0.0.0" command is used. In a traditional ezvpn scenario
we just need group authentication and xauth authentication.

Any suggestions?

Here is the config:

hostname c3725-21
 !
 aaa new-model
 !
 aaa authentication login default local
 aaa authorization network default local
 !
 aaa session-id common
 !
 resource policy
 !
 ip subnet-zero
 ip cef
 !
 !
 username cisco privilege 15 password 0 cisco
 !
 policy-map FOO
 class class-default
   shape average 1280000
 !
 !
 crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 *crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0*
 crypto isakmp keepalive 10
 !
 *crypto isakmp client configuration group cisco*
 key cisco
 dns 6.0.0.2
 wins 7.0.0.1
 domain cisco.com
 pool dpool
 acl 101
 crypto isakmp profile vi
    match identity group cisco
    isakmp authorization list default
    client configuration address respond
    virtual-template 1
 !
 !
 crypto ipsec transform-set set esp-3des esp-sha-hmac
 !
 crypto ipsec profile vi
 set transform-set set
 set isakmp-profile vi
 !
 interface FastEthernet0/0
 ip address 10.0.149.221 255.255.255.0
 duplex auto
 speed auto
 !
 interface FastEthernet0/1
 ip address 192.168.20.21 255.255.255.0
 duplex auto
 speed 100
 !
 !
 interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vi
 service-policy output FOO
 !
 router eigrp 1
 network 192.168.1.0
 network 192.168.20.0
 no auto-summary
 !
 ip local pool dpool 5.0.0.1 5.0.0.3
 ip classless
 ip route 0.0.0.0 0.0.0.0 10.0.149.207
 !
 access-list 101 permit ip 192.168.20.0 0.0.0.255 any
 !
 control-plane
 !
 !
 end

C831 Spoke Router with DVTI Configuration

C1751 Spoke Router with Traditional Easy VPN Configuration
 version 12.3
 !
 hostname c1751-16
 !
 enable password lab
 !
 username cisco privilege 15 password 0 cisco
 !
 no aaa new-model
 ip subnet-zero
 !
 !
 ip cef
 ip domain name cisco.com
 !
 crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
 crypto isakmp keepalive 10
 !
 crypto ipsec client ezvpn ez
 connect manual
 group cisco key cisco
 local-address FastEthernet0/0
 mode client
 peer 10.0.149.221
 !
 interface Loopback0
 ip address 5.0.0.3 255.255.255.255
 !
 interface Ethernet0/0
 ip address 192.168.16.1 255.255.255.0
   half-duplex
 crypto ipsec client ezvpn ez inside
 !
 interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$
 ip address dhcp
 speed 100
 full-duplex
 crypto ipsec client ezvpn ez
 !
 ip classless
 ip route 10.0.149.0 255.255.255.0 dhcp
 !
 end

Received on Mon Feb 07 2011 - 12:27:32 ART
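
Added example, not part of the original post or of the Cisco white paper: a small Python check that separates the two kinds of pre-shared secret in the posted config, the ISAKMP key bound to a peer address and mask (where 0.0.0.0 0.0.0.0 matches any peer) and the Easy VPN group key. The sample lines are constructed in the style of the post; the `audit` function name and the 192.0.2.10 peer are assumptions.

```python
import re

# Constructed sample in the style of the hub config quoted in the post,
# including the *...* emphasis markers the mail archive left on two lines.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 *crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0*
crypto isakmp key 0 s3cret address 192.0.2.10
 *crypto isakmp client configuration group cisco*
 key cisco
 pool dpool
crypto isakmp profile vi
"""

# crypto isakmp key [0|6] <keystring> address <peer> [mask]
KEY_RE = re.compile(r"^crypto isakmp key (?:[06] )?(\S+) address (\S+)(?: (\S+))?$")
GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)$")

def clean(line):
    """Drop indentation and the *...* emphasis markers around a config line."""
    return line.strip().strip("*").strip()

def audit(config):
    """Return (peer_keys, groups_with_key) without echoing any key material."""
    peer_keys, groups_with_key, current_group = [], [], None
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = clean(raw)
        m = KEY_RE.match(line)
        if m:
            peer, mask = m.group(2), m.group(3)
            # Wildcard exactly as written on the page: address and mask both 0.0.0.0.
            wildcard = peer == "0.0.0.0" and mask == "0.0.0.0"
            peer_keys.append({"line": lineno, "peer": peer, "mask": mask,
                              "wildcard": wildcard})
            current_group = None
            continue
        g = GROUP_RE.match(line)
        if g:
            current_group = g.group(1)      # entering an Easy VPN group block
        elif current_group and line.startswith("key "):
            groups_with_key.append(current_group)
        elif line.startswith("crypto ") or line == "!":
            current_group = None            # a new top-level section ends the block
    return peer_keys, groups_with_key
```
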
