jcook2k3
IS-IT--Management
- Nov 19, 2008
- 8
To all,
I have gotten tons of support for my last issue making a site to site and a Cisco client VPN work and I'm back again to ask for more help.
I have a site to site that is working fine and the Cisco VPN client was working as well, but with no authentication, and now when I add another site to site, the VPN client is not working, the new site is not working, but the first tunnel is working. I would appreciate any help that can be offered, below are my configs... Thanks in advance...
IPs have been changed to protect the innocent...
---------------------------------------------------------
crypto ipsec transform-set trmset4 esp-3des esp-md5-hmac
crypto ipsec transform-set trmset2 esp-des esp-md5-hmac
crypto ipsec transform-set trmset1 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set trmset3 esp-3des esp-sha-hmac
crypto ipsec transform-set trmset5 esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map map2 10 set transform-set trmset1 trmset4 trmset2
crypto dynamic-map map2 10 set security-association lifetime seconds 28800 kilobytes 4608000
crypto map map1 20 ipsec-isakmp
crypto map map1 20 match address 103
crypto map map1 20 set peer xxx.xxx.xxx.xxx
crypto map map1 20 set transform-set trmset3
crypto map map1 30 ipsec-isakmp
crypto map map1 30 match address 104
crypto map map1 30 set peer xxx.xxx.xx.xxx
crypto map map1 30 set transform-set trmset5
crypto map map1 65356 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto map VPN 10 ipsec-isakmp dynamic map2
crypto map VPN client authentication RADIUS
isakmp enable outside
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.248 no-xauth no-config-mode
isakmp key ******** address xxx.xxx.xx.xxx netmask 255.255.255.248 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 2
isakmp policy 11 lifetime 86400
isakmp policy 12 authentication pre-share
isakmp policy 12 encryption 3des
isakmp policy 12 hash sha
isakmp policy 12 group 2
isakmp policy 12 lifetime 86400
isakmp policy 13 authentication pre-share
isakmp policy 13 encryption aes
isakmp policy 13 hash sha
isakmp policy 13 group 2
isakmp policy 13 lifetime 86400
vpngroup iit-remote address-pool vpnpool1
vpngroup iit-remote dns-server 192.168.1.38 192.168.1.26
vpngroup iit-remote default-domain domain.com
vpngroup iit-remote split-tunnel 102
vpngroup iit-remote idle-time 1800
vpngroup iit-remote password ********
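
An added example, not part of the original post: a small Python check run over a subset of the configuration posted above. A crypto map takes effect only on the interface it is applied to, so the check lists maps with no `interface` binding, flags `client authentication` configured on such a map, and flags DES and MD5 in transform sets and ISAKMP policies. The function name `audit` and the result keys are illustrative.

```python
# Subset of the configuration posted above (peer addresses were already masked).
CONFIG = """\
crypto ipsec transform-set trmset4 esp-3des esp-md5-hmac
crypto ipsec transform-set trmset2 esp-des esp-md5-hmac
crypto ipsec transform-set trmset3 esp-3des esp-sha-hmac
crypto ipsec transform-set trmset5 esp-aes-256 esp-sha-hmac
crypto map map1 20 ipsec-isakmp
crypto map map1 30 ipsec-isakmp
crypto map map1 65356 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto map VPN 10 ipsec-isakmp dynamic map2
crypto map VPN client authentication RADIUS
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 12 encryption 3des
isakmp policy 12 hash sha
"""

# Keywords treated as weak by this check (single DES and MD5 only).
WEAK = {"esp-des": "DES", "esp-md5-hmac": "MD5", "des": "DES", "md5": "MD5"}

def audit(config):
    maps = {}   # crypto map name -> {"bound": interface or None, "xauth": server or None}
    weak = []   # (kind, name, algorithm)
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["crypto", "map"] and len(tok) >= 4:
            entry = maps.setdefault(tok[2], {"bound": None, "xauth": None})
            if tok[3] == "interface" and len(tok) >= 5:
                entry["bound"] = tok[4]
            elif tok[3:5] == ["client", "authentication"] and len(tok) >= 6:
                entry["xauth"] = tok[5]
        elif tok[:3] == ["crypto", "ipsec", "transform-set"]:
            weak += [("transform-set", tok[3], WEAK[t]) for t in tok[4:] if t in WEAK]
        elif tok[:2] == ["isakmp", "policy"] and len(tok) == 5 and tok[3] in ("encryption", "hash"):
            if tok[4] in WEAK:
                weak.append(("isakmp policy", tok[2], WEAK[tok[4]]))
    # Maps that no interface uses
    unbound = sorted(n for n, e in maps.items() if e["bound"] is None)
    # Client authentication configured on a map that no interface uses
    dead_xauth = sorted(n for n, e in maps.items() if e["xauth"] and e["bound"] is None)
    return {"unbound": unbound, "dead_xauth": dead_xauth, "weak": weak}

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(key, value)
```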