Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
1
Replies

ADSL 837 with VPN client

nigelb
Level 1
Level 1

‎01-13-2005 04:34 AM

Hello

I have an 837 adsl router with 3 x site-site vpn's working OK. I'm now trying to add VPN Client connectivity but seem to have hit a brick wall!

I get "phase 1 SA policy not acceptable!" and nada!

Any suggestions most gratefully received.

Labels:
Preview file
17 KB
Preview file
4 KB
Preview file
30 KB
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎01-13-2005 04:20 PM

According to the Feature Navigator (http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp), support for "Easy VPN Server" wasn't formally introduced into the 837 until 12.3(2)T. You're running 12.2 something so you'll need to upgrade to get it working properly (and get proper support on it).

As for your config, you're missing the following lines:

aaa authorization network VPNgroup local

crypto map clientmap isakmp authorization list VPNgroup

Also, always make sure your dynamic crypto map instance number is HIGHER than all your static crypto maps, otherwise the dynamic one will be picked up first and match everything, which could have adverse effects on your static maps. Change your dynamic crypto map statement to the following:

no crypto map mymap 5 ipsec-isakmp dynamic DynMap

crypto map mymap 500 ipsec-isakmp dynamic DynMap

Don't forget to add your IP pool traffic into the 101 access-list either.

See the following sample config for your reference:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080095106.shtml

0 Helpful
Customers Also Viewed These Support Documents