08.25.2008 at 12:50AM PDT, ID: 23674688

IPSec configuration in Cisco 2800 Series Router

Asked by saleempc in IPSec Security Protocol, Network Routers, Virtual Private Networking (VPN)

Please see my configuration here. I'm unable to access through IPSec VPN.

Using 5845 out of 245752 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXXXXXXX
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.124-3i.bin
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$3yZR$1qwFCRWONTB19QwOe/CiZ1
!
aaa new-model
!
!
aaa authentication banner ^C

aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
clock timezone GMT 4
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
!
!
ip flow-cache timeout active 1
no ip bootp server
ip domain name xxxxxxx
!
!
!
crypto pki trustpoint TP-self-signed-2189834410
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2189834410
 revocation-check none
 rsakeypair TP-self-signed-2189834410
!
!
username xxxx privilege 15 secret 5 xxxxxxxxxx
username xxxx password 7 xxxxxxxx
username xxxx password 7 xxxxxxxx
username xxxx password 7 xxxxxxxx
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 30
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 6 xxxxxx address xxxxxx no-xauth
crypto isakmp identity hostname
!
crypto isakmp client configuration group xxxxxx
 key xxxxxx
 pool ippool
 acl 150
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
 mode transport
crypto ipsec transform-set remote esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set remote
 reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
crypto map clientmap 30 ipsec-isakmp
 set peer xxxxxxxx
 set transform-set myset
 match address xxxxxx
!
!
!
interface FastEthernet0/0
 description connected to OUTSIDE (ISP) 1M Leased Line
 ip address xxxxxxxxx xxxxxxxxx
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description Connected to LAN
 ip address xxxxxx xxxxxxxx
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
ip local pool ippool xxxxx  xxxxxxxx
ip local pool ippool xxxxxx xxxxxxxx
ip default-gateway xxxxxxxxxx
ip classless
ip route xxxxxxxxxxxxxxxxxxxx
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended jed-to-hq
 permit ip xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 permit ip xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 permit ip xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ip access-list extended nonat
 deny   ip xxxxxxxxxxxxxxxxxxxxxxxxxxxx
 deny   ip xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 deny   ip xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
access-list 23 permit xxxxxxxxxxxxx
!
!
control-plane
!
!
!
line con 0
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
 transport output telnet
line aux 0
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
 transport output telnet
line vty 0 4
 privilege level 15
 password 7 xxxxxxxxxxxxxxxxxxx
 transport input telnet ssh
 transport output all
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
 transport input telnet ssh
 transport output none
!
scheduler allocate 20000 1000
!
end
09.08.2008 at 01:53PM PDT, ID: 22421520

About this solution

Zones: IPSec Security Protocol, Network Routers, Virtual Private Networking (VPN)
Tags: Cisco, Cisco Router, 2800 Series
Solution Provided By: cstosgale
Participating Experts: 1
Solution Grade: B