
Markus Thun

Cisco Router 1841 AAA authentication over VPN

Hello Community,


VPN over IPSec (Site-2-Site)

Here is the Configuration of the Cisco 1841 Router:

//Login Credentials

enable secret xxxxxx

username admin privilege 15 password xxxxxx

//ACL for VPN and NAT

access-list 102 permit ip

access-list 102 permit ip

access-list 150 deny   ip

access-list 150 deny   ip

access-list 150 permit ip any


ip access-list extended inboundfilter

evaluate reflectacl

permit udp any host <<WANIP>> eq isakmp

permit tcp any host <<WANIP>> eq 22

permit icmp any host <<WANIP>>


ip access-list extended outboundfilter

permit ip any reflect reflectacl

permit ip any reflect reflectacl

deny   udp 192.168.XXX.0 any

permit ip any any reflect reflectacl

//VPN settings

crypto isakmp policy 10

encr aes

authentication pre-share

group 2

crypto isakmp key xxxxxxxxx address

crypto isakmp keepalive 30

crypto ipsec transform-set SET esp-aes esp-sha-hmac

crypto map B2B 10 ipsec-isakmp

description b2b-fw-ushou-1

set peer

set security-association lifetime seconds 86400

set transform-set SET

match address 102

//Interface configuration

interface FastEthernet0/0

description wan_primary

ip access-group inboundfilter in

ip access-group outboundfilter out

crypto map B2B

interface FastEthernet0/1

ip nat inside

route-map nonat permit 10

match ip address 150

ip nat inside source route-map nonat interface FastEthernet0/0 overload

The Cisco 1841 router will use the AAA authentication method for SSH. But the router cannot ping over the VPN into the remote LAN. The router cannot reach the RADIUS server. Does anybody have an idea to solve this issue?

Best Regards

Markus Thun
