Hi
I am trying to setup a VPN client to a Cisco 1811 router. I keep getting "no private ip address was assigned by the peer" in my vpn client logs. Any help would be appreciated.
Here is my config
Building configuration...
Current configuration : 8583 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname temp
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
!
aaa new-model
!
!
aaa session-id common
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.254
ip dhcp excluded-address 192.168.6.254
!
ip dhcp pool vlan5
import all
network 192.168.5.0 255.255.255.0
default-router 192.168.5.254
dns-server 192.168.5.2
!
ip dhcp pool vlan8
import all
network 192.168.8.0 255.255.255.0
default-router 192.168.8.254
!
!
no ip domain lookup
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 120 15
!
crypto isakmp client configuration group vpn-group1
key testvpn
pool vlan8-2
!
!
crypto ipsec transform-set thisset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set thisset
!
!
!
crypto map clientmap client authentication list vpnauth
crypto map clientmap isakmp authorization list vpnautho
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0
description to DSL modem
ip address 192.168.2.2 255.255.255.0
ip access-group test-in in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip nat enable
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
crypto map clientmap
!
interface FastEthernet2
description FastEthernet2
switchport access vlan 5
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan5
description Inside Lan
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan8
description VPN
ip address 192.168.8.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip local pool vlan8-2 192.168.8.5 192.168.8.10
ip default-gateway 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool vlan5-nat 192.168.2.2 192.168.2.2 netmask 255.255.255.0
ip nat pool vlan8-nat 192.168.2.2 192.168.2.2 netmask 255.255.255.0
ip nat inside source list 1 pool vlan5-nat overload
ip nat inside source list 3 pool vlan8-nat overload
!
ip access-list extended test-in
permit udp any host 192.168.2.2 eq non500-isakmp
permit udp any host 192.168.2.2 eq isakmp
permit esp any host 192.168.2.2
permit ahp any host 192.168.2.2
deny tcp any any eq 161
deny udp any any eq snmp
deny tcp any any eq 445
deny udp any any eq 445
deny udp any any eq 23
deny tcp any any eq telnet
deny tcp any any eq 135
deny udp any any eq 135
deny udp any any eq netbios-ss
deny tcp any any eq 139
deny tcp any any eq ident
deny udp any any eq 113
permit ip any any
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 3 permit 192.168.8.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 103 permit ip 192.168.8.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
I am trying to setup a VPN client to a Cisco 1811 router. I keep getting "no private ip address was assigned by the peer" in my vpn client logs. Any help would be appreciated.
Here is my config
Building configuration...
Current configuration : 8583 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname temp
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
!
aaa new-model
!
!
aaa session-id common
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.254
ip dhcp excluded-address 192.168.6.254
!
ip dhcp pool vlan5
import all
network 192.168.5.0 255.255.255.0
default-router 192.168.5.254
dns-server 192.168.5.2
!
ip dhcp pool vlan8
import all
network 192.168.8.0 255.255.255.0
default-router 192.168.8.254
!
!
no ip domain lookup
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 120 15
!
crypto isakmp client configuration group vpn-group1
key testvpn
pool vlan8-2
!
!
crypto ipsec transform-set thisset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set thisset
!
!
!
crypto map clientmap client authentication list vpnauth
crypto map clientmap isakmp authorization list vpnautho
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0
description to DSL modem
ip address 192.168.2.2 255.255.255.0
ip access-group test-in in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip nat enable
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
crypto map clientmap
!
interface FastEthernet2
description FastEthernet2
switchport access vlan 5
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan5
description Inside Lan
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan8
description VPN
ip address 192.168.8.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip local pool vlan8-2 192.168.8.5 192.168.8.10
ip default-gateway 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool vlan5-nat 192.168.2.2 192.168.2.2 netmask 255.255.255.0
ip nat pool vlan8-nat 192.168.2.2 192.168.2.2 netmask 255.255.255.0
ip nat inside source list 1 pool vlan5-nat overload
ip nat inside source list 3 pool vlan8-nat overload
!
ip access-list extended test-in
permit udp any host 192.168.2.2 eq non500-isakmp
permit udp any host 192.168.2.2 eq isakmp
permit esp any host 192.168.2.2
permit ahp any host 192.168.2.2
deny tcp any any eq 161
deny udp any any eq snmp
deny tcp any any eq 445
deny udp any any eq 445
deny udp any any eq 23
deny tcp any any eq telnet
deny tcp any any eq 135
deny udp any any eq 135
deny udp any any eq netbios-ss
deny tcp any any eq 139
deny tcp any any eq ident
deny udp any any eq 113
permit ip any any
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 3 permit 192.168.8.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 103 permit ip 192.168.8.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end