Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
0
Helpful
3
Replies

IPSec access with VPN Client and Router

horst.thivessen
Level 1
Level 1

‎06-08-2002 01:04 PM - edited ‎02-21-2020 11:47 AM

Hello,

I have configured a central router with ipsec for vpn clients.

The clients logs in over isdn to a provider and get a dynamic ip address.

That works fine.

Now i want also a router to log in over isdn with a dynamic ip address.

The router starts the isakmp conversation. But if the xauth starts the central router messages:

Unknown Input: state=IKE_XAUTH_REQ_SENT

the other router messages: request for xauth-username denied

I think that the connecting router can not sent a authentication like a vpn client.

But i can only configure one crypto map per interface and so i have to use the map for the vpn clients.

So is it possible to connect to one routerinterface over ipsec with a vpn client and another router ?

Merci for your help

Horst

Labels:
0 Helpful
3 Replies 3

vijkrish
Cisco Employee
Cisco Employee

‎06-10-2002 01:23 AM

You should disable xauth for the static peer ie., the router.

crypto isakmp key XXXXXX address no-xauth

OR

crypto isakmp key XXXXXX hostname no-xauth

This is made possible via CSCdr46129.

Vijay.

0 Helpful

horst.thivessen
Level 1
Level 1
In response to vijkrish

‎06-10-2002 01:35 AM

Thanks or your response.

The problem is that the router also connects via ISP ( with a dynamic IP address ) to the central router. So i can not configure a entry as you described.

Maybe with the hostname ? But therefor the centralrouter has to know the hostname of the other router ( is it possible that the connecting router sends its hostname to the central router when connecting ? )

0 Helpful

vijkrish
Cisco Employee
Cisco Employee
In response to horst.thivessen

‎06-10-2002 02:29 AM

Sorry I read your post too quickly. In this situation (IP assignment is dynamic for the remote router), my solution is not applicable. Currently I don't have any further ideas.

Sincerely,

Vijay.

0 Helpful
Customers Also Viewed These Support Documents