06-08-2002 01:04 PM - edited 02-21-2020 11:47 AM
Hello,
I have configured a central router with ipsec for vpn clients.
The clients logs in over isdn to a provider and get a dynamic ip address.
That works fine.
Now i want also a router to log in over isdn with a dynamic ip address.
The router starts the isakmp conversation. But if the xauth starts the central router messages:
Unknown Input: state=IKE_XAUTH_REQ_SENT
the other router messages: request for xauth-username denied
I think that the connecting router can not sent a authentication like a vpn client.
But i can only configure one crypto map per interface and so i have to use the map for the vpn clients.
So is it possible to connect to one routerinterface over ipsec with a vpn client and another router ?
Merci for your help
Horst
06-10-2002 01:23 AM
You should disable xauth for the static peer ie., the router.
crypto isakmp key XXXXXX address
OR
crypto isakmp key XXXXXX hostname
This is made possible via CSCdr46129.
Vijay.
06-10-2002 01:35 AM
Thanks or your response.
The problem is that the router also connects via ISP ( with a dynamic IP address ) to the central router. So i can not configure a entry as you described.
Maybe with the hostname ? But therefor the centralrouter has to know the hostname of the other router ( is it possible that the connecting router sends its hostname to the central router when connecting ? )
06-10-2002 02:29 AM
Sorry I read your post too quickly. In this situation (IP assignment is dynamic for the remote router), my solution is not applicable. Currently I don't have any further ideas.
Sincerely,
Vijay.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide