I am using VTI-based Easy VPN; here is a short list of the VPN commands.
Server:
crypto isakmp client configuration group test
 key test
 pool SDM_POOL_1
 acl 101
 save-password
 max-users 5000
crypto isakmp profile sdm-ike-profile-1
 match identity group test
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_2
 client configuration address respond
 virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
!
crypto ipsec profile SDM_Profile2
 set transform-set ESP-3DES-SHA1
 set isakmp-profile sdm-ike-profile-1
interface Virtual-Template1 type tunnel
 ip unnumbered Dialer1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile2
!
ip local pool SDM_POOL_1 10.1.2.1 10.1.2.100
Client:
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
 connect auto
 group test key test
 mode network-extension
 peer 217.66.227.245
 username AbBa password 29814140599365555
 xauth userid mode local
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.17.50.50 255.255.0.0
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
!
interface FastEthernet0/1
 ip address 172.16.2.1 255.255.255.0
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1 inside
!
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
Regards,
Amin
-----Original Message-----
From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
Sent: Tuesday, January 03, 2012 12:52 PM
To: amin; ccielab_at_groupstudy.com
Subject: RE: proxy identities not supported
Post your configs... I suspect you misconfigured ezvpn.
At a basic level here is a server and client config I use every day that
works great.
Server:
aaa authentication login default local line
aaa authentication login ezvpnuserlist local
aaa authorization network ezvpnusergroup local
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp invalid-spi-recovery
!
crypto isakmp client configuration group vpngwtogw
 key newkeynow00
 acl split_tunnel_acl
 save-password
 max-users 10
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set default esp-aes esp-sha-hmac
!
crypto identity ad
!
crypto dynamic-map dyntemplate 1
 set transform-set default
 reverse-route
!
!
crypto map secure client authentication list ezvpnuserlist
crypto map secure isakmp authorization list ezvpnusergroup
crypto map secure client configuration address respond
crypto map secure 65535 ipsec-isakmp dynamic dyntemplate
ip access-list extended split_tunnel_acl
 permit ip 10.10.200.0 0.0.0.255 any
interface GigabitEthernet0/0
 description outside
 ip address 74.19.14.210 255.255.255.224
 crypto map secure
Client:
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
!
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
!
!
!
crypto ipsec client ezvpn vpngwtogw
 connect auto
 group vpngwtogw key newkeynow00
 mode network-extension
 peer 90.19.14.210
 username admin password nonegiven
 xauth userid mode local
!
!
crypto identity ad
!
int fastethernet0
 Description outside
 ip address dhcp
 crypto ipsec client ezvpn vpngwtogw
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of amin
Sent: Tuesday, January 03, 2012 5:34 AM
To: ccielab_at_groupstudy.com
Subject: proxy identities not supported
Hi experts,
I am configuring Easy VPN between two Cisco routers. On the server I always
get this error message: "proxy identities not supported". Cisco's website says
that the two access lists need to be mirrored on each side, but in my case it is
Easy VPN, which means no access list configuration on the client side.
Any hints about this issue?
Regards,
Amin
Received on Tue Jan 03 2012 - 13:11:46 ART