10-12-2017 02:18 PM - edited 03-05-2019 09:17 AM
I have a new Cisco 881 that I am going to use for my VPN gateway for several NEC phones. The NEC phones have a VPN client built into them. I have the 881 configured and have one phone connected and working fine. Whenever connect a second phone to the gateway the first phone drops and no additional phones will connect. If I only use one phone, everything works fine. I have a global group assigned for authentication and have created mulitple users. What am I going wrong? Any help would be greatly appreciated.
config
! Last configuration change at 20:53:09 UTC Thu Oct 12 2017
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PhoneVPNrtr
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
license udi pid C881-K9 sn FGL194327M3
!
!
!
spanning-tree portfast bpduguard
username remotephone1 password 0 P@ssw0rd1!
username remotephone2 password 0 P@ssw0rd1!
username remotephone3 password 0 P@ssw0rd1!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key @sp1r10n! hostname nec_term
crypto isakmp nat keepalive 20
!
!
crypto ipsec transform-set nec_enc esp-aes esp-sha256-hmac
mode transport
!
!
crypto ipsec profile vpnprof
set transform-set nec_enc
!
!
crypto dynamic-map cisco-dynamic 5
set transform-set nec_enc
set pfs group5
match address cryptoacl
!
crypto dynamic-map cisco-dynamic5 1
set transform-set nec_enc
set pfs group5
match address cryptoacl
!
!
crypto map cisco-dynamic 5 ipsec-isakmp dynamic cisco-dynamic
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
no ip address
pppoe enable group global
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered FastEthernet2
ip nat inside
ip virtual-reassembly in
peer default ip address pool mypool
ppp authentication ms-chap-v2
!
interface Virtual-Template2
ip unnumbered FastEthernet2
ip nat inside
ip virtual-reassembly in
peer default ip address pool mypool
ppp authentication ms-chap-v2
!
interface Vlan1
ip address 10.0.0.3 255.255.255.0
crypto map cisco-dynamic
!
interface Vlan2
ip address 172.23.0.253 255.255.255.0
!
interface Vlan3
no ip address
!
ip local pool mypool 172.23.0.240 172.23.0.250
ip default-gateway 10.0.0.1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip default-network 10.0.0.1
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
ip access-list extended cryptoacl
permit ip any any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
password P@ssw0rd1!
login
no modem enable
line aux 0
line vty 0 4
password P@ssw0rd1!
login
transport input ssh
!
scheduler allocate 20000 1000
!
end
Solved! Go to Solution.
10-12-2017 03:46 PM
Unless something has changed, you do:
FL-WEBVPN-10-K9
Feature License SSL VPN for Up to 10 Users (incremental), for 12.4T based IOS releases only
FL-SSLVPN10-K9
Feature License SSL VPN for Up to 10 Users (incremental), for 15.x based IOS releases only
-If I helped you somehow, please, rate it as useful.-
10-12-2017 03:39 PM
Hi,
Do you have license?
10-12-2017 03:43 PM
10-12-2017 03:46 PM
Unless something has changed, you do:
FL-WEBVPN-10-K9
Feature License SSL VPN for Up to 10 Users (incremental), for 12.4T based IOS releases only
FL-SSLVPN10-K9
Feature License SSL VPN for Up to 10 Users (incremental), for 15.x based IOS releases only
-If I helped you somehow, please, rate it as useful.-
10-12-2017 03:50 PM
10-12-2017 03:57 PM
Thanks for rating and changing the status to solved. This helps make this forum better.
-If I helped you somehow, please, rate it as useful.-
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide