VPN Cisco 1811 & Shrewsoft client 2.10

BradMajors
Level 1

Hi,

I'm a total Cisco / networking novice who has inherited responsibilities for our small office network, and I am in need of help to set up a VPN that office staff or clients can access from home or from a client's office. We have a number of public-facing IP addresses; currently one of them is unused and we would like to use it for our VPN (let's say the address is 44.55.66.77, the GW is 44.55.66.78 and the mask is 255.255.255.252, using Xauth and mutual PSK) to access our internal network (192.168.1.1 through 192.168.1.254). An internal DHCP server hands out addresses from 192.168.1.100 through 192.168.1.199.

I have tried copying quite a few router configs I've found by googling, but I have had no luck whatsoever, so I'm really hoping someone can post a working config for the 1811 router and the setup for the Shrew Soft client. An explanation (tutorial) as well would really be helpful, but I'd happily settle for something that works.

Thanks in Advance


15 Replies

Brad,

The configurations that I can send you are most likely the ones you've already found and tried.

Why don't you just share a copy of your config (change the real IPs) and we'll help you see what you are missing.

Federico.

Thanks for the offer of help!

I've attached my config files

Brad,

Sorry to reply with a link:

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml

But here's the deal...

You're configuring the remote access client IPsec VPN connection with a static crypto map:

crypto map IPSEC 45 ipsec-isakmp

set peer 44.55.66.77

set security-association lifetime seconds 7200

set transform-set L2TP-LNS

set pfs group2

You need to change that to a dynamic crypto map (explained in the link).

Also, the "mode" in the transform-set should be tunnel and not transport.

Please try it and let us know any problems.

Federico.
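The dynamic-crypto-map layout Federico describes, written out as an added example. This is not Federico's configuration, not Brad's attached file, and not the Cisco document's 2621XM config. It uses the thread's values where it has them: the public address 44.55.66.77/30 with gateway 44.55.66.78, the group name vpnclient and key mypresharekeystring that Federico used for the test, the pool 192.168.5.100 to 192.168.5.119 that Brad mentions later, and 192.168.1.0/24 as the internal network. The interface name FastEthernet0, the names VPN-XAUTH, VPN-GROUP, VPN-POOL, RA-SET, RA-DYN and RA-MAP, and the user brad are assumptions, and authentication is against the router's local database rather than RADIUS, as Federico says.

```cisco
! Added example (not from the thread or the Cisco document): IOS remote-access
! IPsec with a dynamic crypto map and local Xauth. Names marked ASSUMED are mine.
!
! Local user database replaces the RADIUS server in the Cisco document
aaa new-model
aaa authentication login VPN-XAUTH local
aaa authorization network VPN-GROUP local
username brad secret <choose-a-strong-password>     ! ASSUMED user
!
! Phase 1 policy for remote-access clients: pre-shared key plus Xauth
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! The group the client must present. A client that sends no (or a wrong)
! group name is what produces the thread's
! "%CRYPTO-6-VPN_TUNNEL_STATUS: Group:  does not exist" message.
crypto isakmp client configuration group vpnclient
 key mypresharekeystring
 pool VPN-POOL
 acl 101
!
! Addresses handed to VPN clients (Brad's expected range)
ip local pool VPN-POOL 192.168.5.100 192.168.5.119
!
! Tunnel mode, not transport, as Federico notes
crypto ipsec transform-set RA-SET esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Dynamic map: no "set peer", because client addresses are unknown in advance.
! reverse-route adds a route to each connected client's address.
crypto dynamic-map RA-DYN 10
 set transform-set RA-SET
 reverse-route
!
! The static map only references the dynamic map; Xauth and group
! authorization lists are attached here
crypto map RA-MAP client authentication list VPN-XAUTH
crypto map RA-MAP isakmp authorization list VPN-GROUP
crypto map RA-MAP client configuration address respond
crypto map RA-MAP 10 ipsec-isakmp dynamic RA-DYN
!
! Outside interface (ASSUMED name) carrying the thread's public address
interface FastEthernet0
 ip address 44.55.66.77 255.255.255.252
 crypto map RA-MAP
!
ip route 0.0.0.0 0.0.0.0 44.55.66.78
!
! Split-tunnel ACL referenced by "acl 101": only traffic to these internal
! networks is sent through the tunnel by the client
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
```

On the Shrew Soft side the group name from `crypto isakmp client configuration group` goes in the Authentication tab as the Local Identity (type Key Identifier, with the group name as the Key ID String), and the `key` value is entered as the Pre Shared Key under Credentials; the Xauth username and password are the `username` entry on the router. After a connection attempt, `show crypto isakmp sa` should list the client's public address with state QM_IDLE and `show crypto ipsec sa` should show encrypt/decrypt counters increasing; if not, the `debug crypto isakmp` output Federico asks for is the next step.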

Do you have another link or example? I can't access that link.

Federico,

Thanks, I can get to the page now; in fact it is one I found before. Maybe I'm not looking in the right place, but I don't see any explanations for tunnels, crypto maps, or encryption. This is the page the link took me to.

Configuring IPSec Between a Cisco IOS Router and a Cisco VPN Client 4.x for Windows Using RADIUS for User Authentication

Document Id: 21060.

As first posted, I'm a complete novice to all things Cisco and could really use a working example for the 1811.

Thanks for the help and will be back after the weekend.

That's the correct link.

It shows the configuration where it says: 

Configure the 2621XM Router

Follow that configuration (just change the IPs to the right ones).

You see that the crypto map is a dynamic-map and not a static as your original configuration.

What you can do is the following...

Follow the steps on that link to configure the router and try to connect... if it fails... we should be closer to having it correct.

The only real difference from the link (besides the IPs) is that you're going to use the local database authentication instead of a RADIUS server to authenticate the VPN clients.

Federico.

Hi Federico,

I've attempted to follow the suggested configuration from the link, but there is still no VPN connection. I've attached the new 1811 config file; the Shrew Soft client config remains the same.

Thanks

BradMajors

Fredrico,

In the link you provide one of the lines contains the following.

crypto isakmp client configuration group 3000client

In the same link I can see this value "3000client" gets set as a group name in the Cisco VPN client. What is the corresponding entry for the Shrew Soft client?

Thanks

Federico,

My apologies, I noticed I misspelt your name in previous posts. I'm still unable to get my VPN to work. I tried another config yesterday and have included both the 1811 config as well as the client config. I see this error at the console of the 1811:

%CRYPTO-6-VPN_TUNNEL_STATUS: Group:  does not exist

Thanks

Brad

Brad,

Please do the following:

Enable ISAKMP debugs on the router:

debug cry isa

debug cry ipsec

term mon

From the VPN client connect using the following:

Group name: vpnclient

Group password: mypresharekeystring

Post the output of the debugs above.

Federico.

Federico,

I was able to get my VPN established using the attached config files. I still really don't understand how this stuff all works, though. In order to complete my setup I need to be able to connect to a few servers on different subnets after I establish the VPN connection. Can you provide some additional direction on how to do this?

I have 3 subnets:

192.168.1.0 - 192.168.1.255 NM 255.255.255.0
192.168.2.0 - 192.168.1.255 NM 255.255.255.0
10.0.1.0 - 10.0.1.255 NM 255.255.255.0

The subnets are on HP ProCurve switches, model 2900-24G.

In my posted config I tried to set up a VLAN of 192.168.5.0 with NM 255.255.255.0 and use FastEthernet 1.

Can I use the remaining FastEthernet ports 2 - 8 to physically connect to the other subnets? How do I set this up?

Also, I have a question about the VPN itself. I expected to see an assigned address in the range 192.168.5.100 to 192.168.5.119 when I type ipconfig /all on the client workstation. The client is Win 7 with the Shrew Soft VPN client; however, I don't see this.

Thanks for all the help

Brad,

The remaining Fast 2-8 ports are layer 2 ports (switch ports), so they cannot be assigned an IP.
You can configure an Interface VLAN to associate the ports and create different IP subnets.

The VPN connection creates a VPN virtual adapter (network connection) that reports an IP from the pool,
as you mentioned (you should see this information if the client is connected successfully).

To be able to access other subnets via the VPN, you should include those networks in the ACL 101.

Federico

Can you verify these commands?

(config)#int FastEthernet 2
(config-if)#sw mode access
(config-if)#sw access vl 2
(config)#int vl 2
!192.168.0.249 is unused on the subnet
(config-if)#ip address 192.168.0.249 255.255.255.0
(config-if)#no shut
(config)#access-list 101 permit ip 192.168.5.0 0.0.0.255 any
(config)#access-list 101 permit ip 192.168.0.0 0.0.0.255 any
(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 any

Thanks

Edit:

The above commands don't allow me to ping a device at 192.168.1.1. Is there something I need to add for routing as well?

Edit 2:

I can ping the device at 192.168.1.1 from the console of the 1811 but not from the remote end of the tunnel. Does that make it a routing issue?

Thanks
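Federico's answer (switch ports into VLANs with an Interface VLAN each, and every internal subnet listed in ACL 101) and Brad's last question (router can ping a host, the VPN client cannot) are both covered by this added example. It is not Brad's posted config and not Federico's; it assumes VLAN 2, 3 and 4 for the three subnets Brad listed (192.168.1.0/24, 192.168.2.0/24, 10.0.1.0/24), router addresses ending in .249 on each (constructed), the VPN pool 192.168.5.0/24 from Brad's post, a NAT ACL named NAT-EXEMPT (assumed) for a router that also does PAT for Internet access, and the `acl 101` reference in the isakmp client group from the Cisco document's layout.

```cisco
! Added example (not Brad's or Federico's config). VLAN numbers, the .249
! addresses and the NAT-EXEMPT name are assumptions.
!
! VLAN definitions (on some IOS versions these are entered under "vlan database")
vlan 2
vlan 3
vlan 4
!
! Switch ports 2-4 are layer 2, so each is placed in a VLAN; the SVI carries the IP
interface FastEthernet2
 switchport mode access
 switchport access vlan 2
interface FastEthernet3
 switchport mode access
 switchport access vlan 3
interface FastEthernet4
 switchport mode access
 switchport access vlan 4
!
interface Vlan2
 ip address 192.168.1.249 255.255.255.0
 no shutdown
interface Vlan3
 ip address 192.168.2.249 255.255.255.0
 no shutdown
interface Vlan4
 ip address 10.0.1.249 255.255.255.0
 no shutdown
!
! Split-tunnel ACL referenced by "acl 101" in the isakmp client group.
! Each network listed here is pushed to the client as a tunnel route;
! a subnet missing from this list is never sent into the tunnel.
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
!
! Only needed if the 1811 also NATs internal traffic to the Internet:
! traffic from the subnets to the VPN pool must bypass translation,
! otherwise replies to VPN clients leave with the public address.
ip access-list extended NAT-EXEMPT
 deny   ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
 deny   ip 10.0.1.0 0.0.0.255 192.168.5.0 0.0.0.255
 permit ip any any
```

The asymmetry Brad describes in Edit 2 (router reaches the host, tunnel does not) is the pattern to check in three places: the subnet must appear in ACL 101 so the client routes it into the tunnel; if NAT is configured, replies to 192.168.5.0/24 must be exempt from it; and the host at 192.168.1.1 needs a route back to 192.168.5.0/24, which it only has if its default gateway is the 1811 (or its gateway has a static route for the pool pointing at the 1811). Pinging from the router succeeds regardless, because the router sources the ping from its own connected address. `show ip route`, `show crypto ipsec sa` (look for decaps increasing without encaps) and `show ip nat translations` on the 1811 show which of the three is in play.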