Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
0
Helpful
1
Replies

Easy VPN Server - 7609

Florin Barhala
Level 6
Level 6

‎03-10-2009 09:04 AM

Hy,

The client has this Cisco 7609, with the following configuration (don't laugh about it):

Gi 3/1

ip address 172.16.0.1

ip nat inside

then there are two subinterfaces defined each of them from the two ISP

Gi 3/1.201

encapsulation dot1Q 201

ip address ISP_1_GW

Gi 3/1.202

encapsulation dot1Q 202

ip address ISP_2_GW

and other two subinterfaces each of them with the BGP subclass the client bought for use

Gi 3/1.101

encapsulation dot1Q 101

ip address BGP_subclass_1

Gi 3/1.102

encapsulation dot1Q 102

ip address BGP_subclass_2

I need to configure an Easy VPN Server so that stations from everywhere with Cisco VPN Client reach Cisco and take a public IP (it's up to me what IP) they just have to reach another resource with this IP, as that firewall permit access only from this IP.

The trouble is that, if want to define virtual interface and assign it to a crypto isakmp profile I can't. Because the command it's missing:

Cisco-7609(conf-isa-prof)#?

Crypto ISAKMP Profile Commands are:

accounting Enable AAA Accounting for IPSec Sessions

ca Specify certificate authorities to trust

client Specify client configuration settings

default Set a command to its defaults

description Specify a description of this profile

exit Exit from crypto isakmp profile sub mode

initiate Initiator property

isakmp ISAKMP Authorization command

keepalive Set a keepalive interval for use with IOS peers

keyring Specify keyring to use

local-address Interface to use for local address for this isakmp profile

match Match values of peer

no Negate a command or set its defaults

qos-group Apply a Qos policy class map for this profile

self-identity Specify Identity to use

vrf Spcify the VRF it is related to

The equipment is running:

Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB2, RELEASE SOFTWARE (fc1)

Upset of that I tried an old fashion method with a crypto map configuration I attached it. Then I keep receiving this message from the Cisco VPN Client:

Reason 412: The remote peer is no longer responding.

And here's an explanation: http://www.chicagotech.net/vpnissues/ciscoerror12.htm

But I have full connectivity with this IP as I tried one hop away from it.

SDM s not running on this model, so I m out of options.

Thanks in advance,

Florin.

Labels:
Preview file
1 KB
0 Helpful
1 Reply 1

owillins
Level 6
Level 6

‎03-16-2009 04:02 PM

Verifying Easy VPN Server

To verify your configurations for this feature, perform the following steps.

SUMMARY STEPS

1. enable

2. show crypto map [interface interface | tag map-name]

For further information click this link.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftunity.html#wp1192045

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents