09-13-2011 03:34 AM
Hi,
I'm trying to enable DMVPN endpoints from dynamic IP addresses, e.g. adding in:
crypto isakmp key XXXXXXX address 0.0.0.0 0.0.0.0 no-xauth
The problem is when I add this line, it breaks our remote VPN Client. Removing the line makes everything work fine again, except I can't add a DMVPN endpoint that has a dynamic IP.
Presently all DMVPN spokes have static IP addresses configured and individual keys for each (I'm trying to simply/cut down our config and use a single key for all of them plus enable staff from home on dynamic IP's).
I can't tell if this is an IOS bug, or if I need to configure something differently.
Our VPN client is configured as a dynamic map, e.g.:
crypto isakmp client configuration group vpnclient
key RAH RAH RAH
etc.
crypto isakmp profile vpnclient
match identity group vpnclient
client authentication list vpnuser
isakmp authorization list vpngroup
client configuration address respond
crypto ipsec transform-set VPNCLIENT esp-aes 256 esp-sha-hmac
crypto dynamic-map vpnclient 10
set transform-set VPNCLIENT
set pfs group2
set isakmp-profile vpnclient
crypto map vpn 65535 ipsec-isakmp dynamic vpnclient
And then attached to my WAN interface as crypto map.
09-13-2011 05:41 AM
Hi Scott,
What IOS Version are you using ? I don't see any reason that this command would break Remote VPN Connectivity.
Maybe you can try
crypto isakmp key XXXXXXX address 0.0.0.0 0.0.0.0 (remove the no-xauth, as it's not needed).
Otherwise, you may share output of debug crypto isakmp to see exactly what is failing when the remote users are connecting.
Regards,
Bastien
03-13-2013 10:46 AM
Hi there, I was wandering if you were able to figure out a solution? I am having the same issue.
03-13-2013 11:59 AM
Hi there,
You should use ISAKMP profiles:
DMVPN and Easy VPN Server with ISAKMP Profiles Configuration Example
HTH.
Portu.
03-13-2013 06:50 PM
Thanks I was able to fix my issue following steps on that site.
03-14-2013 06:22 AM
Nice to hear that.
Please rate any helpful posts and mark this post as answered.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide