2821 Client to site VPN - No private IP address was assigned by the peer

MARK CASEY
Level 1

Hi

I am trying to create a VPN between a 5505 and a 2821 router, using client to site VPN

At the moment I can't get the client to site to work on the 2821 with the desktop client.

I have a configuration as follows (relevant config only)

When I try to connect using the windows client - Group and user works -

Accepts the group key and username and password

Client log returns - No private IP address was assigned by the peer

Router log attached - It seems to be the bolded section that is failing

Is there an issue between IP4_ADDRESS and address?

Any help would be appreciated

Mark

aaa authentication login remote5505 local
aaa authorization network remote5505 local

username remote5505 password xxxxxxxx


crypto isakmp client configuration group remote5505
 key somekey
 dns 10.242.10.1
 domain remote.pegasustech.com.au
 pool remote-pabx-pool
 max-users 10
 
crypto isakmp profile remote5505-ike
   match identity group remote5505
   client authentication list remote5505
   isakmp authorization list remote5505


crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile remote5505-ipsec
 set transform-set ESP-3DES-SHA
 set pfs group2
 set isakmp-profile remote5505-ike
 
interface Virtual-Template7 type tunnel
 ip unnumbered GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile remote5505-ipsec


ip local pool remote-pabx-pool 192.169.1.1 192.169.1.50

Logfile of connection (note: other site to site connections running at same time)

Oct 19 14:43:22: crypto_engine: Generate IKE hash
Oct 19 14:43:22: CryptoEngine0: CRYPTO_ISA_IKE_HMAC(hw)(ipsec)
Oct 19 14:43:22: ISAKMP: Config payload ACK
Oct 19 14:43:22: ISAKMP:(4600):       (blank) XAUTH ACK Processed
Oct 19 14:43:22: ISAKMP:(4600):deleting node -310187099 error FALSE reason "Transaction mode done"
Oct 19 14:43:22: ISAKMP:(4600):Talking to a Unity Client
Oct 19 14:43:22: ISAKMP:(4600):Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
Oct 19 14:43:22: ISAKMP:(4600):Old State = IKE_XAUTH_SET_SENT  New State = IKE_P1_COMPLETE

Oct 19 14:43:22: ISAKMP:(4600):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Oct 19 14:43:22: ISAKMP:(4600):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

Oct 19 14:43:22: ISAKMP (4600): received packet from 110.174.53.148 dport 4500 sport 63394 Global (R) QM_IDLE
Oct 19 14:43:22: ISAKMP: set new node -2105231467 to QM_IDLE
Oct 19 14:43:22: crypto_engine: Decrypt IKE packet
Oct 19 14:43:22: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT(hw)(ipsec)
Oct 19 14:43:22: ISAKMP:(4600):processing transaction payload from 110.174.53.148. message ID = -2105231467
Oct 19 14:43:22: crypto_engine: Generate IKE hash
Oct 19 14:43:22: CryptoEngine0: CRYPTO_ISA_IKE_HMAC(hw)(ipsec)
Oct 19 14:43:22: ISAKMP: Config payload REQUEST
Oct 19 14:43:22: ISAKMP:(4600):checking request:
Oct 19 14:43:22: ISAKMP:    IP4_ADDRESS
Oct 19 14:43:22: ISAKMP:    IP4_NETMASK
Oct 19 14:43:22: ISAKMP:    IP4_DNS
Oct 19 14:43:22: ISAKMP:    IP4_NBNS
Oct 19 14:43:22: ISAKMP:    ADDRESS_EXPIRY
Oct 19 14:43:22: ISAKMP:    MODECFG_BANNER
Oct 19 14:43:22: ISAKMP:    MODECFG_SAVEPWD
Oct 19 14:43:22: ISAKMP:    DEFAULT_DOMAIN
Oct 19 14:43:22: ISAKMP:    SPLIT_INCLUDE
Oct 19 14:43:22: ISAKMP:    SPLIT_DNS
Oct 19 14:43:22: ISAKMP:    PFS
Oct 19 14:43:22: ISAKMP:    MODECFG_BROWSER_PROXY
Oct 19 14:43:22: ISAKMP:    BACKUP_SERVER
Oct 19 14:43:22: ISAKMP:    MODECFG_SMARTCARD_REMOVAL_DISCONNECT
Oct 19 14:43:22: ISAKMP:    APPLICATION_VERSION
Oct 19 14:43:22: ISAKMP: Client Version is : Cisco Systems VPN Client 5.0.07.0440:WinNTp
Oct 19 14:43:22: ISAKMP:    FW_RECORD
Oct 19 14:43:22: ISAKMP:    MODECFG_HOSTNAME
Oct 19 14:43:22: ISAKMP:    INCLUDE_LOCAL_LAN
Oct 19 14:43:22: AAA/AUTHOR (0xFA6): Pick method list 'remote5505'
Oct 19 14:43:22: ISAKMP/author: Author request for group remote5505successfully sent to AAA
Oct 19 14:43:22: ISAKMP:(4600):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
Oct 19 14:43:22: ISAKMP:(4600):Old State = IKE_P1_COMPLETE  New State = IKE_CONFIG_AUTHOR_AAA_AWAIT

Oct 19 14:43:22: ISAKMP:(4600):Receive config attributes requested butconfig attributes not in crypto map.  Sending empty reply.
Oct 19 14:43:22: ISAKMP:(4600):attributes sent in message:
Oct 19 14:43:22:         Address: 0.2.0.0
Oct 19 14:43:22: ISAKMP: Sending ADDRESS_EXPIRY seconds left to use the address: 86394
Oct 19 14:43:22: ISAKMP: Sending APPLICATION_VERSION string: Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(4)M8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 07-Mar-14 08:20 by prod_rel_team
Oct 19 14:43:22: ISAKMP (4600): Unknown Attr: MODECFG_HOSTNAME (0x700A)
Oct 19 14:43:22: crypto_engine: Generate IKE hash
Oct 19 14:43:22: CryptoEngine0: CRYPTO_ISA_IKE_HMAC(hw)(ipsec)
Oct 19 14:43:22: ISAKMP:(4600): responding to peer config from 110.174.53.148. ID = 2189735829
Oct 19 14:43:22: ISAKMP: Marking node 2189735829 for late deletion
Oct 19 14:43:22: crypto_engine: Encrypt IKE packet
Oct 19 14:43:22: CryptoEngine0: CRYPTO_ISA_IKE_ENCRYPT(hw)(ipsec)
Oct 19 14:43:23: ISAKMP:(4600): sending packet to 110.174.53.148 my_port 4500 peer_port 63394 (R) CONF_ADDR
Oct 19 14:43:23: ISAKMP:(4600):Sending an IKE IPv4 Packet.
Oct 19 14:43:23: ISAKMP:(4600):Talking to a Unity Client
Oct 19 14:43:23: ISAKMP:(4600):Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
Oct 19 14:43:23: ISAKMP:(4600):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT  New State = IKE_P1_COMPLETE

Oct 19 14:43:23: ISAKMP:FSM error - Message from AAA grp/user.

Oct 19 14:43:23: ISAKMP:(4600):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Oct 19 14:43:23: ISAKMP:(4600):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

Oct 19 14:43:23: ISAKMP (4600): received packet from 110.174.53.148 dport 4500 sport 63394 Global (R) QM_IDLE
Oct 19 14:43:23: ISAKMP: set new node -2078007480 to QM_IDLE
Oct 19 14:43:23: crypto_engine: Decrypt IKE packet
Oct 19 14:43:23: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT(hw)(ipsec)
Oct 19 14:43:23: crypto_engine: Generate IKE hash
Oct 19 14:43:23: CryptoEngine0: CRYPTO_ISA_IKE_HMAC(hw)(ipsec)
Oct 19 14:43:23: ISAKMP:(4600): processing HASH payload. message ID = 2216959816
Oct 19 14:43:23: ISAKMP:received payload type 18
Oct 19 14:43:23: ISAKMP:(4600):Processing delete with reason payload
Oct 19 14:43:23: ISAKMP:(4600):delete doi = 0
Oct 19 14:43:23: ISAKMP:(4600):delete protocol id = 1
Oct 19 14:43:23: ISAKMP:(4600):delete spi_size =  16
Oct 19 14:43:23: ISAKMP:(4600):delete num spis = 1
Oct 19 14:43:23: ISAKMP:(4600):delete_reason = 2
Oct 19 14:43:23: ISAKMP:(4600): processing DELETE_WITH_REASON payload, message ID = 2216959816, reason: DELETE_BY_USER_COMMAND
Oct 19 14:43:23: ISAKMP:(4600):peer does not do paranoid keepalives.

Oct 19 14:43:23: ISAKMP:(4600):peer does not do paranoid keepalives.

Oct 19 14:43:23: ISAKMP:(4600):deleting SA reason "BY user command" state (R) QM_IDLE       (peer 110.174.53.148)
Oct 19 14:43:23: ISAKMP:(4600):deleting node -2078007480 error FALSE reason "Informational (in) state 1"
Oct 19 14:43:23: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Oct 19 14:43:23: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Oct 19 14:43:23: IPSEC(key_engine_delete_sas): delete all SAs shared with peer 110.174.53.148
Oct 19 14:43:23: ISAKMP: set new node 188239974 to QM_IDLE
Oct 19 14:43:23: crypto_engine: Generate IKE hash
Oct 19 14:43:23: CryptoEngine0: CRYPTO_ISA_IKE_HMAC(hw)(ipsec)
Oct 19 14:43:23: crypto_engine: Encrypt IKE packet
Oct 19 14:43:23: CryptoEngine0: CRYPTO_ISA_IKE_ENCRYPT(hw)(ipsec)
Oct 19 14:43:23: ISAKMP:(4600): sending packet to 110.174.53.148 my_port 4500 peer_port 63394 (R) QM_IDLE
Oct 19 14:43:23: ISAKMP:(4600):Sending an IKE IPv4 Packet.
Oct 19 14:43:23: ISAKMP:(4600):purging node 188239974
Oct 19 14:43:23: ISAKMP:(4600):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Oct 19 14:43:23: ISAKMP:(4600):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

1 Reply

JP Miranda Z
Cisco Employee

Hi MARK CASEY,

The ip local pool is not RFC 1918; that means the IP 192.169.x.x is not a private IP. You can use any of 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16.

Hope this info helps!!

Rate if it helps you!!

-JP-
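
The address check described in the reply above, as an added example that is not part of the original thread: a small Python audit that reads `ip local pool` lines from a router configuration and reports whether each range sits entirely inside one of the three RFC 1918 blocks. The function names and the two extra pool lines are assumptions made for illustration; only the first sample line comes from the posted config.

```python
import ipaddress

# The three RFC 1918 blocks listed in the reply above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First line is the pool from the posted config; the other two are
# constructed for illustration.
SAMPLE_CONFIG = """\
ip local pool remote-pabx-pool 192.169.1.1 192.169.1.50
ip local pool example-ok 192.168.1.1 192.168.1.50
ip local pool example-straddle 172.31.255.250 172.32.0.5
"""

def rfc1918_block(addr):
    """Return the RFC 1918 network containing addr, or None."""
    return next((net for net in RFC1918 if addr in net), None)

def audit_pools(config_text):
    """Return (pool name, low, high, verdict) for each 'ip local pool' line."""
    findings = []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:3] != ["ip", "local", "pool"] or len(tok) < 5:
            continue
        name = tok[3]
        low = ipaddress.ip_address(tok[4])
        # The high address is optional; a pool may be a single address.
        try:
            high = ipaddress.ip_address(tok[5])
        except (IndexError, ValueError):
            high = low
        lo_net, hi_net = rfc1918_block(low), rfc1918_block(high)
        if high < low:
            verdict = "high address below low address"
        elif lo_net is None or hi_net is None:
            verdict = "not RFC 1918"
        elif lo_net != hi_net:
            verdict = "range crosses public space"
        else:
            verdict = "ok"
        findings.append((name, str(low), str(high), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_pools(SAMPLE_CONFIG):
        print(*finding, sep="  ")
```

Checking both ends of the range matters because a pool can start inside a private block and end outside it, as the constructed `example-straddle` line does.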