Cisco 1811 and VPN client

goverd (ISP, CA)
Mar 1, 2006
Hi

I am trying to set up a VPN client to a Cisco 1811 router. I keep getting "no private ip address was assigned by the peer" in my VPN client logs. Any help would be appreciated.

Here is my config

Building configuration...

Current configuration : 8583 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname temp
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
!
aaa new-model
!
!
aaa session-id common
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.254
ip dhcp excluded-address 192.168.6.254
!
ip dhcp pool vlan5
import all
network 192.168.5.0 255.255.255.0
default-router 192.168.5.254
dns-server 192.168.5.2
!
ip dhcp pool vlan8
import all
network 192.168.8.0 255.255.255.0
default-router 192.168.8.254
!
!
no ip domain lookup
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 120 15
!
crypto isakmp client configuration group vpn-group1
key testvpn
pool vlan8-2
!
!
crypto ipsec transform-set thisset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set thisset
!
!
!
crypto map clientmap client authentication list vpnauth
crypto map clientmap isakmp authorization list vpnautho
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0
description to DSL modem
ip address 192.168.2.2 255.255.255.0
ip access-group test-in in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip nat enable
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
crypto map clientmap
!

interface FastEthernet2
description FastEthernet2
switchport access vlan 5
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan5
description Inside Lan
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan8
description VPN
ip address 192.168.8.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip local pool vlan8-2 192.168.8.5 192.168.8.10
ip default-gateway 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool vlan5-nat 192.168.2.2 192.168.2.2 netmask 255.255.255.0
ip nat pool vlan8-nat 192.168.2.2 192.168.2.2 netmask 255.255.255.0
ip nat inside source list 1 pool vlan5-nat overload
ip nat inside source list 3 pool vlan8-nat overload
!
ip access-list extended test-in
permit udp any host 192.168.2.2 eq non500-isakmp
permit udp any host 192.168.2.2 eq isakmp
permit esp any host 192.168.2.2
permit ahp any host 192.168.2.2
deny tcp any any eq 161
deny udp any any eq snmp
deny tcp any any eq 445
deny udp any any eq 445
deny udp any any eq 23
deny tcp any any eq telnet
deny tcp any any eq 135
deny udp any any eq 135
deny udp any any eq netbios-ss
deny tcp any any eq 139
deny tcp any any eq ident
deny udp any any eq 113
permit ip any any
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 3 permit 192.168.8.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 103 permit ip 192.168.8.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
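Mode-config failures like "no private ip address was assigned by the peer" are often the result of a name referenced in one part of an Easy VPN server config that nothing else defines. The script below is an added example (not from the thread): it runs a cross-reference check over a constructed excerpt of the config above, and assumes IOS's one-space indentation of sub-commands. Note that the pasted config references authentication list vpnauth and authorization list vpnautho, but no aaa authentication login / aaa authorization network line defines them.

```python
import re

# Constructed excerpt of the config pasted above, keeping only the lines the
# cross-reference check looks at (IOS indents sub-commands with one space).
CONFIG = """\
aaa new-model
crypto isakmp client configuration group vpn-group1
 key testvpn
 pool vlan8-2
crypto ipsec transform-set thisset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
 set transform-set thisset
crypto map clientmap client authentication list vpnauth
crypto map clientmap isakmp authorization list vpnautho
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0
 crypto map clientmap
ip local pool vlan8-2 192.168.8.5 192.168.8.10
"""

# Each rule: (regex capturing a referenced name, regex capturing where such a
# name must be defined, label used in the report).
RULES = [
    (r"^ pool (\S+)", r"^ip local pool (\S+)", "group pool"),
    (r"^crypto map \S+ client authentication list (\S+)",
     r"^aaa authentication login (\S+)", "aaa login list"),
    (r"^crypto map \S+ isakmp authorization list (\S+)",
     r"^aaa authorization network (\S+)", "aaa network authz list"),
    (r"^ set transform-set (\S+)", r"^crypto ipsec transform-set (\S+)", "transform set"),
    (r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)",
     r"^crypto dynamic-map (\S+) \d+", "dynamic map"),
    (r"^ crypto map (\S+)$", r"^crypto map (\S+) \d+ ipsec-isakmp", "interface crypto map"),
]


def dangling_refs(cfg):
    """Return '<label> <name>' for every referenced object that no line defines."""
    missing = []
    for ref_re, def_re, label in RULES:
        defined = set(re.findall(def_re, cfg, re.M))
        for name in re.findall(ref_re, cfg, re.M):
            if name not in defined:
                missing.append(f"{label} {name}")
    return missing


if __name__ == "__main__":
    for problem in dangling_refs(CONFIG):
        print("missing definition:", problem)
```

Run it against a full `show running-config` paste and each reported line names an object the crypto map, group or interface depends on but the router cannot resolve.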
 
It looks to me that your FastEthernet0 interface faces your DSL modem. The fact that you have an IP address on there of 192.168.2.2 tells me your modem is not just a bridge but also a router? If that's the case, is it possible your problem is not in this router, but in your modem/router? I was going to suggest you disable your access list on Fa0/0 just to see if the DHCP assignment was somehow being blocked, but now after seeing 192.168.2.2 on your Fa0/0 port I would also think your modem/router has an active firewall...


-Rainman
 
I agree that you should check the other router. Also would consider trying the following:

Add to client statement:

ACL 100

crypto isakmp client configuration group vpn-group1
key testvpn
pool vlan8-2
acl 100

Remove from DHCP

import all

You do not import these settings, do you? You have static entries in your DHCP statements.
 
Thanks guys but it was a route-map issue and not the other router.


Thanks again for your help
 