Cisco VPN "All the crypto applied interface(s) are down or no crypto applied interface is present"

Posted on 2010-08-28
Last Modified: 2012-05-10
Trying to setup the VPN for my Cisco 877. Getting this error when testing it:
"All the crypto applied interface(s) are down or no crypto applied interface is present"
Question by:ivanmu
  • 5
  • 2
LVL 24

Expert Comment

ID: 33549668
on the outside interfaces (Interfaces that you have connected to the Internet)

interface fast1/1
no shut


interface fast1/1
crypto map somevpnname

Also, please post your config, this will allow is to review your config:

Also post:

show ip int bri
show int fast1/1  (Replace wit correct outside interface)
show crypto isakmp sa
show crypto ipsec sa


Author Comment

ID: 33549922
show config:

Using 6190 out of 131072 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname jh-associates
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$xObJ$on6A8Ft7V2GdjtcqQqcSc.
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
resource policy
clock timezone PCTime 8
ip subnet-zero
no ip source-route
ip cef    
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool sdm-pool1
   import all
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name
ip name-server
ip name-server
ip ssh time-out 60
ip ssh authentication-retries 2
crypto pki trustpoint TP-self-signed-2802408993
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2802408993
 revocation-check none
 rsakeypair TP-self-signed-2802408993
crypto pki certificate chain TP-self-signed-2802408993
 certificate self-signed 01 nvram:IOS-Self-Sig#3309.cer
username inetsolutionsadmin privilege 15 secret 5 $1$vUfa$HM3krZEvdphlzhaQqgnxR/
username ivanmu privilege 13 secret 5 $1$WN1M$.e3nz8RlRa7UK/hM2SSvl1
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group GP1
 key tracyleow
 pool SDM_POOL_1
 max-users 10
crypto isakmp profile sdm-ike-profile-1
   match identity group GP1
   client authentication list sdm_vpn_xauth_ml_1
   isakmp authorization list sdm_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
crypto map IPSec1 1 ipsec-isakmp
 set peer
 set transform-set ESP-3DES-SHA
 match address ALCRule1
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 0/100
  pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Virtual-Template1 type tunnel
 ip unnumbered Dialer0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
interface Vlan1
 ip address
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username ivanmu@singnet password 7 1403000A0F1D787D73
ip local pool SDM_POOL_1
ip classless
ip route Dialer0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended ALCRule1
 remark SDM_ACL Category=4
 permit udp any any
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host any
access-list 100 deny   ip any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 101 permit udp host eq domain any
access-list 101 permit udp host eq domain any
access-list 101 deny   ip any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip any
access-list 101 deny   ip any
access-list 101 deny   ip any
access-list 101 deny   ip any
access-list 101 deny   ip host any
access-list 101 deny   ip host any
access-list 101 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500

Author Comment

ID: 33549928
show ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up      
FastEthernet1              unassigned      YES unset  up                    down    
FastEthernet2              unassigned      YES unset  up                    up      
FastEthernet3              unassigned      YES unset  up                    down    
ATM0                       unassigned      YES NVRAM  up                    up      
ATM0.1                     unassigned      YES unset  up                    up      
Vlan1               YES NVRAM  up                    up      
NVI0                       unassigned      YES unset  up                    up      
Dialer0             YES IPCP   up                    up      
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Template1   YES TFTP   down                  down    
Virtual-Access2            unassigned      YES unset  down                  down  
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 33549930
show int ATM0.1      
ATM0.1 is up, line protocol is up
  Hardware is MPC ATMSAR (with Alcatel ADSL Module)
  Description: $ES_WAN$$FW_OUTSIDE$
  MTU 4470 bytes, BW 1021 Kbit, DLY 360 usec,
     reliability 255/255, txload 1/255, rxload 2/255
  Encapsulation ATM
  4739 packets input, 1689593 bytes
  4606 packets output, 1037636 bytes
  0 OAM cells input, 0 OAM cells output
  AAL5 CRC errors : 0
  AAL5 SAR Timeouts : 0
  AAL5 Oversized SDUs : 0
  Last clearing of "show interface" counters never

Author Comment

ID: 33549932
show crypto isakmp sa
dst             src             state          conn-id slot status


show crypto ipsec sa
LVL 24

Accepted Solution

rfc1180 earned 125 total points
ID: 33549937
try this:

conf t
interface Dialer0
crypto map IPSec1
wr mem

Author Closing Comment

ID: 33813338
already resolve the problem

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WiFi Routers with Guest Network capability 14 103
SonicWall Max Connection Setting 7 37
Anyconnect landing page login failed 2 33
Updating Group Policy over a PPTP VPN 21 48
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question