09-01-2015 08:12 AM - edited 02-21-2020 08:26 PM
Hi all,
I am trying to configure RAvpn, once using i-map and once using the config below, but my VPN client can't connect.
Is there anything missing? Please help.
!
hostname VPNRouTer
!
aaa new-model
!
aaa authentication login acs local
aaa authorization network acs local
!
aaa session-id common
!
dot11 syslog
ip source-route
!
ip cef
ip name-server 8.8.8.8
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO1841 sn FTX0952W014
username cisco privilege 15 password 7 0822455D0A165445415F59
username admin privilege 15 password 7 011807065404155E731F
!
redundancy
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxxx
 key xxxx
 pool mypool
 acl 101
 save-password
crypto isakmp profile vpn
 match identity group alkaboosexch
 client authentication list acs
 isakmp authorization list acs
 client configuration address respond
 virtual-template 2
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
!
crypto ipsec profile vpn1
 set transform-set test
 set isakmp-profile vpn
!
!
interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vpn1
!
ip local pool mypool 192.168.30.1 192.168.30.10
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 171 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 171 deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 171 permit ip any any
!
09-01-2015 08:57 AM
> am try to configure RAvpn using i-map once and other using below config but my vpn client cant connect.
What is the log-message in the client and are there any debugs (for example "debug crypto isakmp") on the router?
> username cisco privilege 15 password 7 ...
> username admin privilege 15 password 7 ...
Please change your passwords immediately. You posted them in nearly cleartext.
> crypto isakmp client configuration group xxxx
> crypto isakmp profile vpn
> match identity group alkaboosexch
Is xxx the same as your match identity?
And has the device in front of your router port-forwarding for udp/500 and udp/4500 configured to your router-ip 192.168.1.254?
Have you double-checked the group-name and the PSK in the client?
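Two points raised in this reply, whether the `match identity group` name corresponds to a defined client configuration group and keeping credentials out of a posted config, can be checked mechanically before a config is shared. This is an added example, not part of the original thread; the sample config, its group names and the function names are constructed for illustration.

```python
import re

# Constructed sample with the same structure as the posted config (placeholder values).
SAMPLE = """\
username admin privilege 15 password 7 0000PLACEHOLDER
crypto isakmp client configuration group groupA
 key examplekey
 pool mypool
crypto isakmp profile vpn
 match identity group groupB
 client authentication list acs
"""

GROUP_DEF = re.compile(r"crypto isakmp client configuration group (\S+)")
PROFILE = re.compile(r"crypto isakmp profile (\S+)")
MATCH_GROUP = re.compile(r"match identity group (\S+)")
# Value after "username ... password|secret <type>" or after a group "key".
SECRET = re.compile(
    r"^([ \t]*(?:username \S+ .*?\b(?:password|secret) \d+|key) )\S+[ \t]*$",
    re.M,
)

def undefined_group_refs(config):
    """Return (profile, group) pairs whose group has no client configuration group."""
    lines = [l.strip() for l in config.splitlines()]
    defined = {m.group(1) for l in lines if (m := GROUP_DEF.match(l))}
    findings, profile = [], None
    for line in lines:  # indentation is not relied on, so flattened pastes work
        if (m := PROFILE.match(line)):
            profile = m.group(1)
        elif line.startswith(("crypto ", "interface ")):
            profile = None  # a new top-level block ends the profile
        elif profile and (m := MATCH_GROUP.match(line)):
            if m.group(1) not in defined:
                findings.append((profile, m.group(1)))
    return findings

def redact(config):
    """Replace password/secret/key values so the config can be posted."""
    return SECRET.sub(r"\1<removed>", config)

if __name__ == "__main__":
    for profile, group in undefined_group_refs(SAMPLE):
        print(f"profile {profile}: group {group} is not defined")
    print(redact(SAMPLE))
```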
09-01-2015 09:07 AM
09-01-2015 09:13 AM
Yes,
in front of the router is a modem which is configured for port forwarding for 1-65500 ports to 192.168.1.254
09-02-2015 06:37 AM
Hi Karsten,
I am still waiting for your reply; I have sent you the debug file before.
regards,