1. Home
  2. Cisco Systems
  3. crypto engine failed to allocate a connection ID for negotiation from

crypto engine failed to allocate a connection ID for negotiation from

Hi,

receiving this error from a c837 during attemp to establish a Vpn connection. I'm the only user.

What's wrong ?

Here it is the config running:

!This is the running config of the router: 192.168.10.101 !---------------------------------------------------------------------------- !version 12.3 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname CF-VPN ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 debugging logging console critical enable secret 5 $1$rxxxxxx7wAndetSB60egpf.m1 enable password 7 xxxxxx70A0E70 ! aaa new-model ! ! aaa authentication login userlist group radius local aaa authorization network grouplist group radius local aaa session-id common ! resource manager ! clock timezone PCTime 1 clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00 ip subnet-zero no ip source-route ! ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.10.1 192.168.10.101 ip dhcp excluded-address 192.168.10.121 192.168.10.254 ! ip dhcp pool sdm-pool1 import all network 192.168.10.0 255.255.255.0 dns-server 192.168.10.1 151.99.125.2 default-router 192.168.10.101 ! ! ip tcp synwait-time 10 ip cef ip domain name studio.local ip name-server 192.168.10.1 ip name-server 151.99.125.2 no ip bootp server ip inspect name DEFAULT100 cuseeme ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 netshow ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive no ip ips deny-action ips-interface ip ssh time-out 60 ip ssh authentication-retries 2 ! no ftp-server write-enable ! crypto pki trustpoint TP-self-signed-1807494621 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1807494621 revocation-check none rsakeypair TP-self-signed-1807494621 ! ! crypto pki certificate chain TP-self-signed-1807494621 certificate self-signed 01 30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2DEEE355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31383037 34393436 3231301E 170D3038 30313138 31373337 32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38303734 39343632 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100A28A 9A7104C8 401BBCF8 8ACA1EDB FC31835C 4AAE658E A62F257A BCCFE5FA 6FC737F2 9F35EB91 AADEADC8 541D67D5 482F1CFC 1DF3C37A F49C3059 C0509C4F 9E477892 B88E23D8 963D0930 5F8A2BEA 8D668A40 E97807E4 F432C038 5DE3A426 205A2916 6BF34492 A73FC4E8 71F50A2D 3980D83B 00F1B393 4ABDD314 014E803D 98E30203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603 551D1104 1F301D82 1B43462D 56EEEE2E 73747564 696F6365 72666F67 6C692E6C 6F63616C 301F0603 551D2304 18301680 149F6210 5A8D63BB EC95F157 B5344A05 8E17F6B9 62301D06 03551D0E 04160414 9F62105A 8D6EEEEC 95F157B5 344A058E 17F6B962 300D0609 2A864886 F70D0101 04050003 81810047 673E7CA7 2A1C59B0 E5358222 03B6B0CF 81DCC3AC 570DFD51 32B6F6C5 186F4C43 A543DCFD EE96235C A7D934E6 2CA7EDE3 316DF833 66D8BFB9 DA184CAF F713109C 1FF45833 812C1A21 8E867DED 74BE3EF2 D881501D F9054B06 C8E97E2D 042ADA9B FE1CE6DC F419A34A C810D9CC 1D8C87A3 BD51A8E5 A0213418 B34DAEB5 FE9251 quit username giorgio privilege 15 secret 5 $1$b24234NwsPsrlf5jxvLkpt7A6WH. username bertogli password 7 014343465E191200 ! ! ! crypto isakmp policy 1 group 2 ! crypto isakmp policy 3 hash md5 authentication pre-share group 2 crypto isakmp identity hostname ! crypto isakmp client configuration group clienti key zonatura domain studio.local pool green ! ! crypto ipsec transform-set dessha esp-3des esp-sha-hmac ! crypto dynamic-map mode 1 set transform-set dessha ! ! crypto map mode client authentication list userlist crypto map mode isakmp authorization list grouplist crypto map mode client configuration address respond crypto map mode 1 ipsec-isakmp dynamic mode ! ! ! interface Ethernet0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet

10/100$$ES_LAN$$FW_INSIDE$ ip address 192.168.10.101 255.255.255.0 ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1412 hold-queue 100 out ! interface Ethernet2 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow shutdown hold-queue 100 out ! interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point description $ES_WAN$$FW_OUTSIDE$ pvc 8/35 oam-pvc manage pppoe-client dial-pool-number 1 ! ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address duplex auto speed auto ! interface FastEthernet3 no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! interface Dialer0 description $FW_OUTSIDE$ ip address 217.111.111.111 255.255.255.252 ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip mtu 1452 ip nat outside ip inspect DEFAULT100 out ip virtual-reassembly encapsulation ppp ip route-cache flow dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname snipped-for-privacy@tiscali.it ppp chap password 7 14354f5542B180205 ppp pap sent-username snipped-for-privacy@tiscali.it password 7 143BrwerweB180205 crypto map mode ! ip local pool green 192.168.20.10 192.168.20.20 ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload ! logging trap debugging access-list 1 remark INSIDE_IF=Ethernet0 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.10.0 0.0.0.255 access-list 100 remark auto generated by Cisco SDM Express firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip 217.111.111.111 0.0.0.3 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by Cisco SDM Express firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 permit ip host 192.168.20.10 any access-list 101 permit ip host 192.168.20.11 any access-list 101 permit ip host 192.168.20.12 any access-list 101 permit ip host 192.168.20.13 any access-list 101 permit ip host 192.168.20.14 any access-list 101 permit ip host 192.168.20.15 any access-list 101 permit ip host 192.168.20.16 any access-list 101 permit ip host 192.168.20.17 any access-list 101 permit ip host 192.168.20.18 any access-list 101 permit ip host 192.168.20.19 any access-list 101 permit ip host 192.168.20.20 any access-list 101 permit udp any host 217.111.111.111 eq non500-isakmp access-list 101 permit udp any host 217.111.111.111 eq isakmp access-list 101 permit esp any host 217.111.111.111 access-list 101 permit ahp any host 217.111.111.111 access-list 101 permit udp host 151.99.125.2 eq domain host 217.111.111.111 access-list 101 permit udp host 192.168.10.1 eq domain host 217.111.111.111 access-list 101 deny ip 192.168.10.0 0.0.0.255 any access-list 101 permit icmp any host 217.111.111.111 echo-reply access-list 101 permit icmp any host 217.111.111.111 time-exceeded access-list 101 permit icmp any host 217.111.111.111 unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip any any access-list 102 remark SDM_ACL Category=2 access-list 102 deny ip any host 192.168.20.10 access-list 102 deny ip any host 192.168.20.11 access-list 102 deny ip any host 192.168.20.12 access-list 102 deny ip any host 192.168.20.13 access-list 102 deny ip any host 192.168.20.14 access-list 102 deny ip any host 192.168.20.15 access-list 102 deny ip any host 192.168.20.16 access-list 102 deny ip any host 192.168.20.17 access-list 102 deny ip any host 192.168.20.18 access-list 102 deny ip any host 192.168.20.19 access-list 102 deny ip any host 192.168.20.20 access-list 102 permit ip 192.168.10.0 0.0.0.255 any dialer-list 1 protocol ip permit no cdp run ! route-map SDM_RMAP_1 permit 1 match ip address 102 ! route-map SDM_RMAP_2 permit 1 match ip address 102 ! ! control-plane ! banner login ^CCAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 exec-timeout 0 0 no modem enable length 25 transport preferred all transport output telnet line aux 0 transport preferred all transport output telnet line vty 0 4 privilege level 15 transport preferred all transport input telnet ssh transport output all ! scheduler max-task-time 5000 scheduler interval 500 end
Reply to
Tanja
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.