Why is it not functioning?

Why is it not functioning? I have a Cisco 877 router with a static public IP that I want to set up as an Easy VPN server to open a tunnel for a client PC with a dynamic public IP. The configuration of the router is:

------------------
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R877-JMC
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$gT68$p8Z.EZHkGBMS96kCBM3Jt.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
!
aaa session-id common
!
resource policy
!
clock timezone Paris 1
clock summer-time Paris date Mar 30 2003 2:00 Oct 26 2003 3:00
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-xxxxxxxxxx
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxxxx
 revocation-check none
 rsakeypair TP-self-signed-xxxxxxxxxx
!
!
crypto pki certificate chain TP-self-signed-xxxxxxxxxx
 certificate self-signed 01
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38303732
  ...
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38303732
  quit
username admin privilege 15 secret 5 $1$jgy.$2rqgbozIqumX/sVGuNUz2/
!
!
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key address 80.102.0.0 255.255.0.0
!
crypto isakmp client configuration group vpn-group
 key
 dns 80.58.0.97
 pool SDM_POOL_1
 max-users 10
 netmask 255.255.255.0
 banner ^CPrueba Maurizio ^C
!
!
crypto ipsec transform-set vpn_trasnf_set ah-md5-hmac esp-3des esp-md5-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set vpn_trasnf_set
 match address vpn_acl
 reverse-route
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3
crypto map SDM_CMAP_1 client configuration address initiate
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.6 point-to-point
 ip address 255.255.255.192
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 pvc 8/32
  encapsulation aal5snap
 !
 crypto map SDM_CMAP_1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 172.26.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 172.27.0.1 172.27.0.10
ip route 0.0.0.0 0.0.0.0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface ATM0.6 overload
ip nat inside source route-map SDM_RMAP_2 pool 172.26.0.10
ip nat inside source static tcp 172.26.0.10 25 interface ATM0.6 25
!
ip access-list extended correo
 remark Llegada correo
 remark SDM_ACL Category=2
 deny ip any host 172.27.0.1
 deny ip any host 172.27.0.2
 deny ip any host 172.27.0.3
 deny ip any host 172.27.0.4
 deny ip any host 172.27.0.5
 deny ip any host 172.27.0.6
 deny ip any host 172.27.0.7
 deny ip any host 172.27.0.8
 deny ip any host 172.27.0.9
 deny ip any host 172.27.0.10
 permit tcp any eq smtp host
ip access-list extended vpn_acl
 remark funcionamiento vpn
 remark SDM_ACL Category=4
 permit ip 172.27.0.0 0.0.0.255 any
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.26.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 172.27.0.1
access-list 100 deny ip any host 172.27.0.2
access-list 100 deny ip any host 172.27.0.3
access-list 100 deny ip any host 172.27.0.4
access-list 100 deny ip any host 172.27.0.5
access-list 100 deny ip any host 172.27.0.6
access-list 100 deny ip any host 172.27.0.7
access-list 100 deny ip any host 172.27.0.8
access-list 100 deny ip any host 172.27.0.9
access-list 100 deny ip any host 172.27.0.10
access-list 100 permit ip 172.26.0.0 0.0.0.255 any
no cdp run
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 100
!
route-map SDM_RMAP_2 permit 1
 match ip address correo
!
!
control-plane
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

-----------------------

When I try to open the tunnel with the GreenBow, this error appears:

Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY EXCH] [NONCE] [ID] [VID] [VID] [VID] [VID]
Default (SA CnxVpn1-P1) RECV phase 1 Aggressive Mode [HASH] [SA] [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID] [VID] [VID]
Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D] [NAT_D]
Default phase 1 done: initiator id 80.102.20.239, responder
Default RECV Informational [HASH] [DELETE]
Default deleted

Meanwhile, on the router console this error appears:

%CRYPTO-6-VPN_TUNNEL_STATUS: Group: does not exist

Can you help me to solve the problem?

Thanks in advance. Bye, Maurizio
