Solved

Cisco 876 router and Cisco VPN Client software

Posted on 2008-06-23
2
1,067 Views
Last Modified: 2010-01-18
I have a (partly) working Cisco 876 but can't connect with the Cisco VPN Client software.
The added the following commands to the config:

crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp client configuration group 3000client
 key *****
 dns 192.168.105.10
 domain domain.local
 pool vpdnpool
 acl 108

crypto ipsec transform-set transformset esp-3des esp-md5-hmac
!
crypto identity address
 !
 !
 crypto dynamic-map dynmap 10
 set transform-set transformset
!
!
crypto map map client authentication list userauthen
crypto map map client authorization list groupauthor
crypto map map client configuration address initiate
crypto map map client configuration address respond
crypto map map 20 ipsec-isakmp dynamic dynmap

ip local pool vpdnpool 172.16.199.1 172.16.199.254

Could be in the access-list.? Which port should be open?
0
Comment
Question by:CLEARPATH
2 Comments
 
LVL 1

Accepted Solution

by:
Net-P earned 500 total points
ID: 21854052
The following ports should be open in the Inbound-ACL on the interface with the crypto map:

ESP (IP/50)
UDP 500
UDP 4500

#####

crypto map map client configuration address initiate
crypto map map client configuration address respond

remove: crypto map map client configuration address initiate

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Comms between vlans via router 2 36
GRE Trunnel with IPsec Encryption Issue 3 56
Can't remote with RDC through ASUS RT-N66W Router 3 57
Fortigate 100D NTP Issue 4 52
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now