cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
802
Views
8
Helpful
22
Replies

Router w/ Dynamic L2L Tunnel and VPN Clients

acomiskey
Advocate
Advocate

I have a 7200 router currently configured w/ vpn clients. I am attempting to add a dynamic l2l tunnel to it. When I do, I am no longer able to connect using the vpn client. I following the configuration in the following url.

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml

As soon as I add...

crypto dynamic-map dynmap 5

set isakmp-profile VPNclient

the vpn client no longer works. Don't have access to the config right now as I took it all out. Anyone have this working properly?

22 Replies 22

It seems they are not even landing on any tunnel since there is no keyring with what to identify them it does not go further, unless your outputs show something else, show crypto isakmp sa

The tunnels are coming up, but they seem to be bouncing up and down.

dst src state conn-id slot

x.x.x.1 192.168.10.1 QM_IDLE 548 0

x.x.x.2 192.168.10.1 QM_IDLE 603 0

x.x.x.3 192.168.10.1 MM_NO_STATE 638 0 (deleted)

x.x.x.4 192.168.10.1 QM_IDLE 629 0

x.x.x.5 192.168.10.1 QM_IDLE 599 0

192.168.10.1 x.x.x.6 QM_IDLE 610 0 L2L

192.168.10.1 x.x.x.7 QM_IDLE 627 0 VPNclient

192.168.10.1 x.x.x.8 QM_IDLE 636 0 VPNclient

x.156.x.157 x.x.x.9 QM_IDLE 639 0

x.71.x.52 x.x.x.10 MM_NO_STATE 637 0 (deleted)

x.201.x.43 x.x.x.11 QM_IDLE 622 0

OK, mhhh I think it is an issue with the config, give it a shot to one of the L2L that is bouncing, set it to profile and keyring, what is the result.

Hello guys

I have a similar problem with Dynamic peers, static peers and VPN clients.

I'm using isakmp profiles and keyrings for dynamic peers and vpn clients but not for that static tunnel.

What happens is that when I try to establish the dynamic tunnel the router asks for XAUTH, which was suppose to be bypassed if I'm not wrong... vpn clients and static tunnel works fine.

Could anyone give me a hint?

Thanks.

Guilherme

So far so good. Thanks for the help.

hai,can u please hlep me to create site to site tunnel vpn...

if possible can u please share the doc too.

Hey, basically you need to create another profile for your static vpn tunnels with a keyring too, follow the doc at the very top of this post just adapt it to your setup.

Hey,

Thanks for your reply.

I configured my dynamic VPNs using that doc, I'm going to try doing the same with static tunnels and see what happen.

Regards,

Guilherme

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers