09-15-2005 03:26 AM - edited 02-21-2020 01:57 PM
I have a problem with the connection of XP client to VPN router.The router's configuration is that :
aaa new-model
aaa authentication login default group radius local enable
aaa authentication login local local
aaa authentication ppp dsl local
vpdn enable
vpdn-group securedsl
Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 2
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address ****
!
!
crypto ipsec transform-set test ah-md5-hmac esp-des
!
crypto map testmap 10 ipsec-isakmp
set peer ****
set transform-set test
match address 101
!
interface Ethernet0/0
crypto map testmap
interface Virtual-Template2
ip unnumbered Loopback254
no keepalive
peer default ip address pool dsl
ppp encrypt mppe auto
ppp authentication chap ms-chap
!
ip local pool dsl **** ****
access-list 101 permit ip host **** host ****
and the logs that I have are in attachment.
Does anybody knows where is the problem?
09-20-2005 10:54 PM
The log indicates that your phase 2 ipsec proposals are not matching the proposals offered from your XP client (from your log "phase 2 SA not acceptable!"). Try to play around in the router config with the command "crypto ipsec transform-set test ? ? ?" to find out which is matching your criterias. I don't know in the moment what parameter for this command should work with the Windows XP client - just try out (beginning with the simplest parameters). Best regards - Thomas.
10-03-2005 10:54 PM
I tried every option of the command.I always have the same logs.Other opinions?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: