hi This is net WAN --- c2801- some services - pix 506---LAN I try to create vpn remonte access using SDM on C2801 and wizard. Just for me. To establish secure connection I use cisco vpn client and...Connection from Lan network to c2801 (behing pix firewal ) work fine, but from outside (WAN) is refused (reason 412) In the same time over the same link, vpn client ,etc ipsec connection to pix work without any problem. I know some is broken in config ,but can't find. Don't have problems with pix but here I am surprised. part of config generated with sdm and wizard: thanks for help
aaa authorization network sdm_vpn_group_ml_3 local aaa authentication login sdm_vpn_xauth_ml_5 local ip access-list extended moja remark SDM_ACL Category=4 permit ip any PUBLIC log exit ip local pool SDM_POOL_1 192.168.15.1 192.168.15.6 crypto ipsec transform-set moja ah-md5-hmac esp-md5-hmac esp-aes 128 mode tunnel exit crypto ipsec transform-set ESP-3DES-SHA esp-sha-hmac esp-3des mode tunnel exit crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA set security-association lifetime seconds 3600 set security-association lifetime kilobytes 2304000 reverse-route set security-association idle-time 28800 exit crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 interface FastEthernet0/0 no crypto map crypto map SDM_CMAP_1 exit crypto isakmp policy 2 authentication pre-share encr 3des hash md5 group 2 lifetime 28800 exit crypto isakmp policy 1 authentication pre-share encr 3des hash sha group 2 lifetime 86400 exit crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3 crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_5 crypto map SDM_CMAP_1 client configuration address respond crypto isakmp client configuration group adminek key 0 ********* pool SDM_POOL_1 acl moja include-local-lan netmask 255.255.255.248 exit