05-05-2003 07:07 AM - edited 02-21-2020 12:31 PM
I have installed vpn client 3.0.1 in windows 2000 proffesional pc and trying to make a secure connection to a cisco 3640 vpn enabled router IOs 12.2(8) .when i try to connect i get message"Failed to establish a secure connection to the security gateway."
My configuration is as below
!
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group 3000client
key cisco123
pool ourpool
!
crypto ipsec transform-set vpnclient esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set vpnclient
!
crypto map combined client configuration address initiate
crypto map combined client configuration address respond
!
crypto map combined 40 ipsec-isakmp dynamic dynmap
!
ip local pool ourpool 10.2.1.1 10.2.1.254
!
Any help would be highhly appreciated.
Thanks for fast responce
05-05-2003 04:48 PM
You're missing the authentication/authorization part of the confguration. Add the following:
> aaa new-model
> aaa authentication login userauthen group local
> aaa authorization network groupauthor local
> crypto map combined client authentication list userauthen
> crypto map combined isakmp authorization list groupauthor
Make sure the crypto map is applied to the outside interface.
See http://www.cisco.com/warp/public/480/ipsec-ios-tacacs.html for an example. Note this does TACACS user authentication, what I've shown above will do local user authentication, so you'll need to add:
> username
commands onto the router for each user also.
05-05-2003 10:33 PM
Hi gfullage,
thanks for the reply.Now I am able to get a connection to the secure gateway.So the authentication is a important part in this configurtation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide