04-23-2010 05:55 AM
Mar 1 09:23:12.295: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 201.70.32.102
This is the config of router:
Router#sh run
Building configuration...
Current configuration : 1772 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local ourpool
!
!
crypto ipsec transform-set trans1 esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set trans1
!
!
crypto map intmap client configuration address initiate
crypto map intmap client configuration address respond
crypto map intmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
ip address 201.70.32.101 255.255.255.0
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
crypto map intmap
!
interface Serial0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface FastEthernet0/1
ip address 10.2.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
ip local pool ourpool 10.2.1.1 10.2.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 201.70.32.1
!
ip http server
no ip http secure-server
ip nat pool outsidepool 201.70.32.150 201.70.32.160 netmask 255.255.255.0
ip nat inside source route-map nonat pool outsidepool
!
access-list 101 deny ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.2.2.0 0.0.0.255 any
route-map nonat permit 10
match ip address 101
!
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
password ww
login
!
!
end
In the vpn client fields "name" and "password", i don't be sure that what i must configure. Someone can help me?
Thanks
Solved! Go to Solution.
04-23-2010 06:02 AM
Your router has not been fully configured for VPN client access.
Here is a sample configuration for your reference:
04-27-2010 02:45 AM
The bug is fixed in version 12.4(23a), and yes, 15.1(M1) also has the bug fix.
04-23-2010 06:02 AM
Your router has not been fully configured for VPN client access.
Here is a sample configuration for your reference:
04-23-2010 12:08 PM
just what I needed. Thanks!!
04-26-2010 05:49 AM
Hi all,
Ok, the VPN connection works and obtain an IP address in the pool but this message appears. Can someone explain it properly?.
*Mar 1 10:21:23.375: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=2002 local=172.18.124.159 remote=172.18.124.160 spi=E3FAB83D seqno=00000100
Thanks
04-26-2010 06:00 AM
Seems to be just cosmetic bug as follows bugID: CSCsv43145:
04-26-2010 06:30 AM
Oh, sorry. I am not Registered Customers or partners so that I can not prove it. Please explain what the bug and if it can solve
04-26-2010 06:35 AM
What is the version of router? If it is in the affected version, then it is cosmetic only bug and does not have any functional impact.
You can upgrade the router to the version which is not impacted, however, it is cosmetic only as advised., so nothing to worry about (depending on the version of your router).
04-27-2010 12:15 AM
Hi,
I'm doing tests with a 2691 Router and “c2691-advsecurityk9-mz.124-23.bin” IOS, but really I have to deploy it to a 2911 with “c2900-universalk9-mz.SPA.150-1.M1.bin” IOS.
Can you tell me if in the most current fix the bug?
Thanks
04-27-2010 02:45 AM
The bug is fixed in version 12.4(23a), and yes, 15.1(M1) also has the bug fix.
04-27-2010 06:06 AM
Thanks!!!!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide