02-03-2009 06:50 AM
I have a 7200 router currently configured w/ vpn clients. I am attempting to add a dynamic l2l tunnel to it. When I do, I am no longer able to connect using the vpn client. I following the configuration in the following url.
http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml
As soon as I add...
crypto dynamic-map dynmap 5
set isakmp-profile VPNclient
the vpn client no longer works. Don't have access to the config right now as I took it all out. Anyone have this working properly?
Solved! Go to Solution.
02-13-2009 09:15 AM
It seems they are not even landing on any tunnel since there is no keyring with what to identify them it does not go further, unless your outputs show something else, show crypto isakmp sa
02-13-2009 09:39 AM
The tunnels are coming up, but they seem to be bouncing up and down.
dst src state conn-id slot
x.x.x.1 192.168.10.1 QM_IDLE 548 0
x.x.x.2 192.168.10.1 QM_IDLE 603 0
x.x.x.3 192.168.10.1 MM_NO_STATE 638 0 (deleted)
x.x.x.4 192.168.10.1 QM_IDLE 629 0
x.x.x.5 192.168.10.1 QM_IDLE 599 0
192.168.10.1 x.x.x.6 QM_IDLE 610 0 L2L
192.168.10.1 x.x.x.7 QM_IDLE 627 0 VPNclient
192.168.10.1 x.x.x.8 QM_IDLE 636 0 VPNclient
x.156.x.157 x.x.x.9 QM_IDLE 639 0
x.71.x.52 x.x.x.10 MM_NO_STATE 637 0 (deleted)
x.201.x.43 x.x.x.11 QM_IDLE 622 0
02-13-2009 09:45 AM
OK, mhhh I think it is an issue with the config, give it a shot to one of the L2L that is bouncing, set it to profile and keyring, what is the result.
02-19-2009 11:27 AM
Hello guys
I have a similar problem with Dynamic peers, static peers and VPN clients.
I'm using isakmp profiles and keyrings for dynamic peers and vpn clients but not for that static tunnel.
What happens is that when I try to establish the dynamic tunnel the router asks for XAUTH, which was suppose to be bypassed if I'm not wrong... vpn clients and static tunnel works fine.
Could anyone give me a hint?
Thanks.
Guilherme
02-20-2009 08:19 AM
So far so good. Thanks for the help.
02-19-2009 06:56 PM
hai,can u please hlep me to create site to site tunnel vpn...
if possible can u please share the doc too.
02-20-2009 08:25 AM
Hey, basically you need to create another profile for your static vpn tunnels with a keyring too, follow the doc at the very top of this post just adapt it to your setup.
02-20-2009 08:42 AM
Hey,
Thanks for your reply.
I configured my dynamic VPNs using that doc, I'm going to try doing the same with static tunnels and see what happen.
Regards,
Guilherme
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide