Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco 876 router and Cisco VPN Client software

Posted on 2008-06-23
2
Medium Priority
?
1,087 Views
Last Modified: 2010-01-18
I have a (partly) working Cisco 876 but can't connect with the Cisco VPN Client software.
The added the following commands to the config:

crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp client configuration group 3000client
 key *****
 dns 192.168.105.10
 domain domain.local
 pool vpdnpool
 acl 108

crypto ipsec transform-set transformset esp-3des esp-md5-hmac
!
crypto identity address
 !
 !
 crypto dynamic-map dynmap 10
 set transform-set transformset
!
!
crypto map map client authentication list userauthen
crypto map map client authorization list groupauthor
crypto map map client configuration address initiate
crypto map map client configuration address respond
crypto map map 20 ipsec-isakmp dynamic dynmap

ip local pool vpdnpool 172.16.199.1 172.16.199.254

Could be in the access-list.? Which port should be open?
0
Comment
Question by:CLEARPATH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 1

Accepted Solution

by:
Net-P earned 2000 total points
ID: 21854052
The following ports should be open in the Inbound-ACL on the interface with the crypto map:

ESP (IP/50)
UDP 500
UDP 4500

#####

crypto map map client configuration address initiate
crypto map map client configuration address respond

remove: crypto map map client configuration address initiate

0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question