Solved

CISCO VPN configuration issue (urgent)

Posted on 2007-10-11
Last Modified: 2012-06-21
Hello!

I have a Cisco 2801 router and around 70 VPNs configured on it like this:

crypto isakmp policy 8
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key thisisthekey address <peer address> no-xauth
crypto ipsec transform-set d-link esp-des esp-md5-hmac
crypto dynamic-map DYNMAP 10
 set transform-set d-link
 reverse-route
!
!
crypto map crypto-map-f0-0 client authentication list VPNAUTH
crypto map crypto-map-f0-0 isakmp authorization list VPNAUTOR
crypto map crypto-map-f0-0 client configuration address respond
crypto map crypto-map-f0-0 5 ipsec-isakmp dynamic DYNMAP
crypto map crypto-map-f0-0 20 ipsec-isakmp
 set peer <peer address>
 set transform-set d-link
 match address 2102
access-list 2102 permit ip <local subnet> 0.0.0.255 <remote subnet> 0.0.0.255

The thing is that everything works for all the locations, except one location that has 7 different subnets which must be routed, and it doesn't work.
If I just put match address <number>
and then, in the access-list with that number, I put all those subnets one after another, it just gets the first one and the rest don't work.

If I define all of them, each with a different match address, none of them works.

Please help me, I have no idea why this doesn't work.
Thanks a lot
Question by:lyncks
5 Comments
 
LVL 1

Author Comment

by:lyncks
ID: 20057319
Anyone?
At the other end there is a Checkpoint firewall.
Thanks
0
 
LVL 9

Expert Comment

by:trinak96
ID: 20076988
Can you summarise the seven subnets into 1?
Personally, my VPN headend routers are configured with a single class A subnet. As the VPN is kicked off from the remote end, it's that side that needs the different allowed subnets configured.
0
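An added illustration of the summarisation suggested in the comment above (not code posted by anyone in the thread): it computes the single covering network for seven subnets, lists what else that summary matches, and prints the ACL entry in the form used in the question. The subnet values are constructed samples, the function names are hypothetical, and the code assumes IPv4.

```python
import ipaddress

# Constructed sample values; the thread does not list the real subnets.
REMOTE_SUBNETS = [f"10.20.{n}.0/24" for n in range(16, 23)]  # seven /24s
LOCAL_SUBNET = "192.168.1.0/24"
ACL_NUMBER = 2102  # ACL number used in the question


def covering_supernet(subnets):
    """Smallest single IPv4 network containing every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    host_bits = (lo ^ hi).bit_length()  # low bits that vary across the range
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))


def extra_coverage(supernet, subnets):
    """Blocks inside the summary that are not part of any original subnet."""
    wanted = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets)
    leftover = [supernet]
    for w in wanted:
        remaining = []
        for block in leftover:
            if w.subnet_of(block):
                remaining.extend(block.address_exclude(w))
            else:
                remaining.append(block)
        leftover = remaining
    return sorted(leftover)


def acl_line(acl, local, remote):
    """One IOS extended-ACL entry in the form shown in the question."""
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    return (f"access-list {acl} permit ip "
            f"{local.network_address} {local.hostmask} "
            f"{remote.network_address} {remote.hostmask}")


if __name__ == "__main__":
    summary = covering_supernet(REMOTE_SUBNETS)
    print(acl_line(ACL_NUMBER, LOCAL_SUBNET, summary))
    for block in extra_coverage(summary, REMOTE_SUBNETS):
        print(f"! summary also matches {block}, which was not in the list")
```

With the sample values the seven /24s summarise to a /21 that also matches one extra /24, which is the kind of difference to compare against what the remote end has defined.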
 
LVL 1

Author Comment

by:lyncks
ID: 20077052
Exactly my point. I really think it's their fault. I summarised all of them and still I only get the first of them, the others don't get through.
What should I tell them?
0
 
LVL 9

Accepted Solution

by:
trinak96 earned 2000 total points
ID: 20077159
If you have summarised into 1 subnet and only one subnet is working then it will be their end.....
0
 
LVL 1

Author Comment

by:lyncks
ID: 20077508
Yeah, I think that too.
I'll see what they say and maybe open another question.
Thanks
0
