Why is it not functioning?

Discussion in 'Cisco' started by Maurizio, Aug 2, 2006.

  1. Maurizio

    Maurizio Guest

    Why is it not functioning?
    I have a Cisco 877 router with a static public IP that I want to set up
    as an Easy VPN server, to open a tunnel for a client PC with a dynamic
    public IP.
    The configuration of router is:
    ------------------
    ! Running configuration of router R877-JMC as posted: AAA with local
    ! lists, an ISAKMP policy and client group "vpn-group", a dynamic crypto
    ! map applied on ATM0.6, and NAT for the 172.26.0.0/24 LAN on Vlan1.
    !version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! Type 7 obfuscation of stored passwords is switched off here.
    no service password-encryption
    !
    hostname R877-JMC
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    ! Type 5 (MD5-based) hash. It is published with this post, so it should
    ! be treated as exposed and the secret replaced on the device.
    enable secret 5 $1$gT68$p8Z.EZHkGBMS96kCBM3Jt.
    !
    aaa new-model
    !
    !
    ! All lists below use the local user database. Of the sdm_vpn_* lists,
    ! only sdm_vpn_group_ml_3 is referenced later in this listing (by the
    ! crypto map); the two sdm_vpn_xauth_ml_* login lists are not used.
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authentication login sdm_vpn_xauth_ml_2 local
    aaa authorization exec default local
    aaa authorization network sdm_vpn_group_ml_1 local
    aaa authorization network sdm_vpn_group_ml_2 local
    aaa authorization network sdm_vpn_group_ml_3 local
    !
    aaa session-id common
    !
    resource policy
    !
    clock timezone Paris 1
    clock summer-time Paris date Mar 30 2003 2:00 Oct 26 2003 3:00
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    !
    ! NOTE(review): this DHCP pool serves 10.10.10.0/29, while Vlan1 below is
    ! addressed in 172.26.0.0/24 - looks like a leftover default; confirm.
    ip dhcp pool sdm-pool
    import all
    network 10.10.10.0 255.255.255.248
    default-router 10.10.10.1
    lease 0 2
    !
    !
    ip domain name yourdomain.com
    !
    !
    ! Self-signed trustpoint; revocation checking is disabled for it.
    crypto pki trustpoint TP-self-signed-xxxxxxxxxx
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-xxxxxxxxxx
    revocation-check none
    rsakeypair TP-self-signed-xxxxxxxxxx
    !
    !
    ! Certificate body abbreviated by the poster ("...").
    crypto pki certificate chain TP-self-signed-xxxxxxxxxx
    certificate self-signed 01
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33
    38303732
    ...
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33
    38303732
    quit
    ! Privilege-15 local account; its type 5 hash is also published with this
    ! post and should be treated as exposed.
    username admin privilege 15 secret 5 $1$jgy.$2rqgbozIqumX/sVGuNUz2/
    !
    !
    !
    ! IKE phase 1 proposal: 3DES, MD5, pre-shared key, DH group 2. These are
    ! legacy algorithms; prefer AES, a SHA-2 hash and a larger DH group where
    ! the IOS image and the client support them.
    crypto isakmp policy 2
    encr 3des
    hash md5
    authentication pre-share
    group 2
    ! Pre-shared key accepted from any peer in 80.102.0.0/16; the initiator
    ! in the client log after this listing (80.102.20.239) is in that range.
    crypto isakmp key <my_key> address 80.102.0.0 255.255.0.0
    !
    ! Easy VPN client group "vpn-group", addresses taken from SDM_POOL_1.
    ! NOTE(review): the router message quoted after this listing reports an
    ! empty group name and the client log shows the initiator id as an IP
    ! address - presumably the client is not sending "vpn-group" as its IKE
    ! identity; confirm on the client side.
    crypto isakmp client configuration group vpn-group
    key <my_key>
    dns 80.58.0.97
    pool SDM_POOL_1
    max-users 10
    netmask 255.255.255.0
    banner ^CPrueba Maurizio ^C
    !
    !
    ! Transform set combining AH (MD5) with ESP 3DES/MD5; the command is
    ! wrapped over two lines in this paste.
    ! NOTE(review): AH does not survive address translation, so this set
    ! presumably fails for a client behind NAT - confirm.
    crypto ipsec transform-set vpn_trasnf_set ah-md5-hmac esp-3des
    esp-md5-hmac
    !
    crypto dynamic-map SDM_DYNMAP_1 1
    set transform-set vpn_trasnf_set
    match address vpn_acl
    reverse-route
    !
    !
    ! Group authorization uses list sdm_vpn_group_ml_3. No "client
    ! authentication list" line is present for this map, so the XAUTH login
    ! lists defined above are not applied to it.
    crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3
    crypto map SDM_CMAP_1 client configuration address initiate
    crypto map SDM_CMAP_1 client configuration address respond
    crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
    !
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    ! Outside (public) interface: NAT outside and, after the pvc sub-block,
    ! the crypto map attachment.
    interface ATM0.6 point-to-point
    ip address <router_public_IP> 255.255.255.192
    ip nat outside
    ip virtual-reassembly
    no snmp trap link-status
    pvc 8/32
    encapsulation aal5snap
    !
    crypto map SDM_CMAP_1
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    ! Inside LAN interface, 172.26.0.0/24.
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 172.26.0.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    ! Address pool handed to VPN clients (ten addresses).
    ip local pool SDM_POOL_1 172.27.0.1 172.27.0.10
    ip route 0.0.0.0 0.0.0.0 <router_gateway>
    !
    ! Plain HTTP management is enabled alongside HTTPS; no access-class
    ! restricting either server is visible in this listing.
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 5 life 86400 requests 10000
    ! NAT rules. The second rule names a pool "172.26.0.10", but no
    ! "ip nat pool" definition appears in this listing.
    ip nat inside source route-map SDM_RMAP_1 interface ATM0.6 overload
    ip nat inside source route-map SDM_RMAP_2 pool 172.26.0.10
    ip nat inside source static tcp 172.26.0.10 25 interface ATM0.6 25
    !
    ! ACL matched by route-map SDM_RMAP_2.
    ip access-list extended correo
    remark Llegada correo
    remark SDM_ACL Category=2
    deny ip any host 172.27.0.1
    deny ip any host 172.27.0.2
    deny ip any host 172.27.0.3
    deny ip any host 172.27.0.4
    deny ip any host 172.27.0.5
    deny ip any host 172.27.0.6
    deny ip any host 172.27.0.7
    deny ip any host 172.27.0.8
    deny ip any host 172.27.0.9
    deny ip any host 172.27.0.10
    permit tcp any eq smtp host <router_pubblic_IP>
    ! ACL referenced by the dynamic map ("match address vpn_acl").
    ip access-list extended vpn_acl
    remark funcionamiento vpn
    remark SDM_ACL Category=4
    permit ip 172.27.0.0 0.0.0.255 any
    !
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 172.26.0.0 0.0.0.255
    ! ACL 100 is matched by route-map SDM_RMAP_1 (the NAT overload rule): the
    ! deny entries keep traffic towards the VPN pool addresses
    ! 172.27.0.1-172.27.0.10 out of NAT, the final permit translates the rest
    ! of the 172.26.0.0/24 LAN.
    access-list 100 remark SDM_ACL Category=2
    access-list 100 deny ip any host 172.27.0.1
    access-list 100 deny ip any host 172.27.0.2
    access-list 100 deny ip any host 172.27.0.3
    access-list 100 deny ip any host 172.27.0.4
    access-list 100 deny ip any host 172.27.0.5
    access-list 100 deny ip any host 172.27.0.6
    access-list 100 deny ip any host 172.27.0.7
    access-list 100 deny ip any host 172.27.0.8
    access-list 100 deny ip any host 172.27.0.9
    access-list 100 deny ip any host 172.27.0.10
    access-list 100 permit ip 172.26.0.0 0.0.0.255 any
    no cdp run
    !
    !
    route-map SDM_RMAP_1 permit 1
    match ip address 100
    !
    route-map SDM_RMAP_2 permit 1
    match ip address correo
    !
    !
    control-plane
    !
    line con 0
    no modem enable
    line aux 0
    ! Telnet (clear text) is accepted next to SSH on the vty lines, and no
    ! access-class is set on them in this listing.
    line vty 0 4
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    !
    ! WebVPN context is defined but taken out of service ("no inservice").
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end

    -----------------------
    When I try to open the tunnel with the GreenBow, this error appears:

    Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [SA] [KEY EXCH]
    [NONCE] [ID] [VID] [VID] [VID] [VID]
    Default (SA CnxVpn1-P1) RECV phase 1 Aggressive Mode [HASH] [SA]
    [KEY_EXCH] [NONCE] [ID] [NAT_D] [NAT_D] [VID] [VID] [VID] [VID] [VID]
    Default (SA CnxVpn1-P1) SEND phase 1 Aggressive Mode [HASH] [NAT_D]
    [NAT_D]
    Default phase 1 done: initiator id 80.102.20.239, responder
    <router_public_IP>
    Default RECV Informational [HASH] [DELETE]
    Default <CnxVpn1-P1> deleted

    Meanwhile, this error appears in the router console:

    %CRYPTO-6-VPN_TUNNEL_STATUS: Group: does not exist

    Can you help me to solve the problem?

    Thanks in advance. Bye, Maurizio
    Maurizio, Aug 2, 2006
    #1