on cisco 1841crypto isakmp profile NEWVPN match identity group NEWVPNGROUP match identity address x.x.x.x x.x.x.x client authentication list NEWVPNAUTH isakmp authorization list NEWVPNTHOR client configuration address respondwith comand ma...
Hi Frederico, thanks for explanations.I tested several SW and one of them worked, maybe new sw versions foresee this commands to work like AND for our fortune JOk so to summarize: a) interface virtual template – not working, reason – VPN session term...
HI FredericoThe solution for this problem is the following:Under crypto isakmp profile command match identity address *IP range*This will work but not with all SW versions unfortunately. With virtual template it will not work.But anyway if You find s...
Hi Frederico, the problem of solution with virtual templates is the following:We must force router somehow to accept VPN sessions on virtual template interface. Router accepts sessions on real interface and then refers to virtual template interface –...
Hello JYes when I saw it I thought as You wrote BUT, when I created virtual interface and applied ACL unfortunately it was restricting ONLY access to networks which VPN must see.I tried even to deny all UDP in the same ACL“Access-group in” on virtual...
Thank You for reply, but here is one important note: I have many VPNs on that router and if I applyACL restricting IP range with pointing there corresponding port it will be spread on all incoming traffic matching this port – so this ACL as I underst...