Re: vpn configuration problems 2621xm and vpn client

pamirian76 · ‎08-01-2007

hello,

I'm trying to configure my home cisco 2621xm to accept vpn connections. I've used many cisco pdf documents and they all same almost the same so I've done my configuration using these documents.

now I just can't get past this error message I'm getting and I have no idea why this is happening.

any ideas to help me get past this step, I'm really stuck here.

also, I've tried vpn client version 5 and 4.8

cisco ios version is:

Cisco IOS Software, C2600 Software (C2600-ADVIPSERVICESK9-M), Version 12.4(16), RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Wed 20-Jun-07 05:48 by prod_rel_team

ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)

vision-router-01 uptime is 2 hours, 53 minutes

System returned to ROM by power-on

System image file is "flash:c2600-advipservicesk9-mz.124-16.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 2621XM (MPC860P) processor (revision 1.0) with 127308K/3764K bytes of memory.

Processor board ID JAD06350FM7

M860 processor: part number 5, mask 2

2 FastEthernet interfaces

32K bytes of NVRAM.

49152K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

-------------------------

here is my the config that's vpn related

aaa authentication login MYTAC group tacacs+ local enable

aaa authorization network GROUPAUTHOR local

username someuser password 0 somepassword

crypto isakmp policy 5

encr aes 256

authentication pre-share

group 2

crypto isakmp keepalive 10 periodic

!

crypto isakmp client configuration group VTELVPN

key cisco123

dns 192.168.10.5

domain xyz.com

pool VTELVPNPOOL

crypto ipsec transform-set VTELSET1 esp-aes esp-sha-hmac

!

crypto dynamic-map VTELDYNAMAP 10

set transform-set VTELSET1

set identity thisrouter-01

reverse-route

crypto map VTELCLIENTMAP client authentication list MYTAC

crypto map VTELCLIENTMAP isakmp authorization list GROUPAUTOHOR

crypto map VTELCLIENTMAP client configuration address respond

crypto map VTELCLIENTMAP 10 ipsec-isakmp dynamic VTELDYNAMAP

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

no cdp enable

ppp chap hostname xxxxxx

ppp chap password 7 hahahahohoho

ppp pap sent-username xxxxxx password 7 hahahahohoho

crypto map VTELCLIENTMAP

!

ip local pool VTELVPNPOOL 192.168.6.3 192.168.6.254

spremkumar · ‎08-01-2007

Hi

Can you try assigning a static ip to the dialer interface and try checking out the vpn connectivity ?

regds

mattiaseriksson · ‎08-02-2007

Hi, try to remove this statement: set identity thisrouter-01

pamirian76 · ‎08-02-2007

this did not change a thing.

and no I can not get a static ip but I doubt it has anything to do with it.

pamirian76 · ‎08-02-2007

issue fixed.