Re: remote access vpn issue

From: Abiola Jewoola <biola_y2k_at_yahoo.com>
Date: Thu, 10 Mar 2011 07:32:20 -0800 (PST)

It's on an IOS router.

!
username biola password 7 020C1156040D0A
username user1 password 7 111918160405041E007B79776C
archive
 log config
  hidekeys
!
!

!
crypto isakmp policy 40
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration group STONE_CLIENT
 key paycom123$
 pool ippool
 acl 101
!
!
crypto ipsec transform-set CORNER esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set CORNER
!
!
crypto map CRYPTO local-address Loopback0
crypto map CRYPTO client authentication list CLIENT
crypto map CRYPTO isakmp authorization list CORNER_AUTH
crypto map CRYPTO client configuration address respond
crypto map CRYPTO 10 ipsec-isakmp
 
!
!
!
!
!
interface Loopback0
 ip address 25.20.2.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface Loopback10
 ip address 10.10.10.10 255.255.255.0
!
interface FastEthernet0/0
 description OUTSIDE
 ip address 172.16.66.60 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map CRYPTO
!
interface FastEthernet0/1
 description INSIDE
 ip address 204.242.130.170 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/2/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2/1
 no ip address
 shutdown
 clock rate 2000000
!
ip local pool ippool 10.10.10.100 10.10.10.120
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.66.57
no ip http server
no ip http secure-server
!
!
ip nat inside source list INTERNET interface Loopback0 overload
ip nat inside source static tcp 10.10.10.10 900 25.20.2.1 900 extendable
!
ip access-list extended _PROXY_ACL
 permit ip host 10.10.10.10 host 10.71.161.35
 permit ip host 10.10.10.10 host 10.71.161.15
ip access-list extended GF1
 permit ip host 10.10.10.10 192.168.111.0 0.0.0.255
ip access-list extended INTER
 permit ip host 10.10.10.10 host 172.25.20.8
ip access-list extended P
ip access-list extended INTERNET
 deny ip host 10.10.10.10 192.168.111.0 0.0.0.255
 deny ip host 10.10.10.10 host 10.71.161.35
 deny ip host 10.10.10.10 host 172.25.20.8
 deny ip host 10.10.10.10 host 10.71.161.15
 permit ip host 10.10.10.10 any
 
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
!
!

--- On Thu, 3/10/11, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Subject: Re: remote access vpn issue
To: "Abiola Jewoola" <biola_y2k_at_yahoo.com>
Cc: ccielab_at_groupstudy.com
Date: Thursday, March 10, 2011, 7:25 AM

Is this on an IOS or ASA device? That's the config I was most interested in
actually.

On Thu, Mar 10, 2011 at 3:17 PM, Abiola Jewoola <biola_y2k_at_yahoo.com> wrote:

vpnc version 0.5.3

I don't have access to the remote software

--- On Thu, 3/10/11, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Subject: Re: remote access vpn issue
To: "Abiola Jewoola" <biola_y2k_at_yahoo.com>
Cc: ccielab_at_groupstudy.com
Date: Thursday, March 10, 2011, 6:34 AM

Hi Abiola,

Can you provide some configuration and the versions of all the software
involved here? That should give more information in troubleshooting this.

Sadiq

On Thu, Mar 10, 2011 at 1:41 PM, Abiola Jewoola <biola_y2k_at_yahoo.com> wrote:

Hello guys,

I am setting up a remote access VPN for a client. I have configured the VPN
parameters on the router. The connection from the client software is
successful.

But the remote user can ping the Head office local LAN.

I can see the connections coming from the user (QM_IDLE state), but when I
did a debug crypto isakmp and debug crypto ipsec, I get some error logs:

IKE Dispatcher: Invalid major version 4 in IKE packet header. Dropping packet

What could be the problem?

Received on Thu Mar 10 2011 - 07:32:20 ART
