Remote Access VPN issue

Hi all,

I am trying to configure RA VPN, once using i-map and once using the config below, but my VPN client can't connect.

Is there anything missing? Please help.

!
hostname VPNRouTer
!
aaa new-model
!
aaa authentication login acs local
aaa authorization network acs local
!
aaa session-id common
!
dot11 syslog
ip source-route
!
ip cef
ip name-server 8.8.8.8
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO1841 sn FTX0952W014
username cisco privilege 15 password 7 0822455D0A165445415F59
username admin privilege 15 password 7 011807065404155E731F
!
redundancy
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxxx
 key xxxx
 pool mypool
 acl 101
 save-password
crypto isakmp profile vpn
   match identity group alkaboosexch
   client authentication list acs
   isakmp authorization list acs
   client configuration address respond
   virtual-template 2
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
!
crypto ipsec profile vpn1
 set transform-set test
 set isakmp-profile vpn
!

!
interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vpn1
!
ip local pool mypool 192.168.30.1 192.168.30.10
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 171 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 171 deny   ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 171 permit ip any any
!

4 Replies

> I am trying to configure RA VPN, once using i-map and once using the config below, but my VPN client can't connect.

What is the log-message in the client and are there any debugs (for example "debug crypto isakmp") on the router?

> username cisco privilege 15 password 7 ...
> username admin privilege 15 password 7 ...

Please change your passwords immediately. You posted them in nearly cleartext.

> crypto isakmp client configuration group xxxx
> crypto isakmp profile vpn
>    match identity group alkaboosexch

Is xxx the same as your match identity?


And has the device in front of your router port-forwarding for udp/500 and udp/4500 configured to your router-ip 192.168.1.254?

Have you double-checked the group-name and the PSK in the client?
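
The cross-check asked about above (does the client configuration group name match the profile's `match identity group`?) can be run offline against a saved config. This is an added example, not part of the original thread and not Cisco tooling; the function name `lint_ravpn`, the finding codes and the sample (constructed from the posted lines, with the password value replaced by a placeholder) are assumptions, and only numbered ACLs are recognised.

```python
import re

# Constructed sample mirroring the posted lines; password value replaced by a placeholder.
SAMPLE_CONFIG = """\
username admin privilege 15 password 7 <REDACTED>
crypto isakmp client configuration group xxxx
 key xxxx
 pool mypool
 acl 101
crypto isakmp profile vpn
   match identity group alkaboosexch
   virtual-template 2
ip local pool mypool 192.168.30.1 192.168.30.10
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255
"""

# (finding code, regex for an indented sub-command, regex collecting the names it may refer to)
REFERENCES = [
    ("GROUP_MISMATCH", r"\s+match identity group (\S+)",
     r"^crypto isakmp client configuration group (\S+)"),
    ("POOL_UNDEFINED", r"\s+pool (\S+)", r"^ip local pool (\S+)"),
    ("ACL_UNDEFINED", r"\s+acl (\S+)", r"^access-list (\S+)"),  # numbered ACLs only
]

def lint_ravpn(config):
    """Return (code, detail) findings for dangling references and type 7 passwords."""
    defined = {code: set(re.findall(target, config, re.M))
               for code, _, target in REFERENCES}
    findings = []
    for line in config.splitlines():
        # "password 7" is a reversible encoding, so a pasted config exposes the password.
        user = re.match(r"username (\S+) .*\bpassword 7 ", line)
        if user:
            findings.append(("TYPE7_PASSWORD",
                             f"user {user.group(1)}: reversible type 7 encoding"))
        for code, ref, _ in REFERENCES:
            m = re.match(ref, line)
            if m and m.group(1) not in defined[code]:
                findings.append((code, f"'{line.strip()}' refers to undefined name {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for code, detail in lint_ravpn(SAMPLE_CONFIG):
        print(code, detail)
```

If the group name was replaced with `xxxx` only for posting, the GROUP_MISMATCH finding reflects the redaction rather than the running config.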

Hi Karsten,

Attached is the debug file, and yes, I have checked the group name and password.

Please help.

Yes,

in front of the router is a modem which is configured for port forwarding of ports 1-65500 to 192.168.1.254.

Hi Karsten,

I am still waiting for your reply; I have sent you the debug file before.

Regards,