cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
320
Views
0
Helpful
2
Replies

vpn client 3.0.1 not able to connect to router 3640(configuration below)

sudhakar.joseph
Level 1
Level 1

I have installed vpn client 3.0.1 in windows 2000 proffesional pc and trying to make a secure connection to a cisco 3640 vpn enabled router IOs 12.2(8) .when i try to connect i get message"Failed to establish a secure connection to the security gateway."

My configuration is as below

!

crypto isakmp policy 20

encr 3des

hash md5

authentication pre-share

group 2

!

crypto isakmp client configuration group 3000client

key cisco123

pool ourpool

!

crypto ipsec transform-set vpnclient esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set vpnclient

!

crypto map combined client configuration address initiate

crypto map combined client configuration address respond

!

crypto map combined 40 ipsec-isakmp dynamic dynmap

!

ip local pool ourpool 10.2.1.1 10.2.1.254

!

Any help would be highhly appreciated.

Thanks for fast responce

2 Replies 2

gfullage
Cisco Employee
Cisco Employee

You're missing the authentication/authorization part of the confguration. Add the following:

> aaa new-model

> aaa authentication login userauthen group local

> aaa authorization network groupauthor local

> crypto map combined client authentication list userauthen

> crypto map combined isakmp authorization list groupauthor

Make sure the crypto map is applied to the outside interface.

See http://www.cisco.com/warp/public/480/ipsec-ios-tacacs.html for an example. Note this does TACACS user authentication, what I've shown above will do local user authentication, so you'll need to add:

> username password

commands onto the router for each user also.

Hi gfullage,

thanks for the reply.Now I am able to get a connection to the secure gateway.So the authentication is a important part in this configurtation.

tanweer@mdsuae.co.ae