cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
475
Views
0
Helpful
3
Replies

IPSec access with VPN Client and Router

horst.thivessen
Level 1
Level 1

Hello,

I have configured a central router with ipsec for vpn clients.

The clients logs in over isdn to a provider and get a dynamic ip address.

That works fine.

Now i want also a router to log in over isdn with a dynamic ip address.

The router starts the isakmp conversation. But if the xauth starts the central router messages:

Unknown Input: state=IKE_XAUTH_REQ_SENT

the other router messages: request for xauth-username denied

I think that the connecting router can not sent a authentication like a vpn client.

But i can only configure one crypto map per interface and so i have to use the map for the vpn clients.

So is it possible to connect to one routerinterface over ipsec with a vpn client and another router ?

Merci for your help

Horst

3 Replies 3

vijkrish
Cisco Employee
Cisco Employee

You should disable xauth for the static peer ie., the router.

crypto isakmp key XXXXXX address no-xauth

OR

crypto isakmp key XXXXXX hostname no-xauth

This is made possible via CSCdr46129.

Vijay.

Thanks or your response.

The problem is that the router also connects via ISP ( with a dynamic IP address ) to the central router. So i can not configure a entry as you described.

Maybe with the hostname ? But therefor the centralrouter has to know the hostname of the other router ( is it possible that the connecting router sends its hostname to the central router when connecting ? )

Sorry I read your post too quickly. In this situation (IP assignment is dynamic for the remote router), my solution is not applicable. Currently I don't have any further ideas.

Sincerely,

Vijay.