Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco 876 router and Cisco VPN Client software

Posted on 2008-06-23
2
1,073 Views
Last Modified: 2010-01-18
I have a (partly) working Cisco 876 but can't connect with the Cisco VPN Client software.
The added the following commands to the config:

crypto isakmp policy 3
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp client configuration group 3000client
 key *****
 dns 192.168.105.10
 domain domain.local
 pool vpdnpool
 acl 108

crypto ipsec transform-set transformset esp-3des esp-md5-hmac
!
crypto identity address
 !
 !
 crypto dynamic-map dynmap 10
 set transform-set transformset
!
!
crypto map map client authentication list userauthen
crypto map map client authorization list groupauthor
crypto map map client configuration address initiate
crypto map map client configuration address respond
crypto map map 20 ipsec-isakmp dynamic dynmap

ip local pool vpdnpool 172.16.199.1 172.16.199.254

Could be in the access-list.? Which port should be open?
0
Comment
Question by:CLEARPATH
2 Comments
 
LVL 1

Accepted Solution

by:
Net-P earned 500 total points
ID: 21854052
The following ports should be open in the Inbound-ACL on the interface with the crypto map:

ESP (IP/50)
UDP 500
UDP 4500

#####

crypto map map client configuration address initiate
crypto map map client configuration address respond

remove: crypto map map client configuration address initiate

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question