Solved

Cisco VPN "All the crypto applied interface(s) are down or no crypto applied interface is present"

Posted on 2010-08-28
Last Modified: 2012-05-10
Trying to setup the VPN for my Cisco 877. Getting this error when testing it:
"All the crypto applied interface(s) are down or no crypto applied interface is present"
Question by:ivanmu

Expert Comment

by:rfc1180
on the outside interfaces (Interfaces that you have connected to the Internet)

interface fast1/1
no shut

or

interface fast1/1
crypto map somevpnname

Also, please post your config, this will allow us to review your config:

Also post:

show ip int bri
show int fast1/1  (Replace with correct outside interface)
show crypto isakmp sa
show crypto ipsec sa

Thanks
Billy
0
 

Author Comment

by:ivanmu
show config:

Using 6190 out of 131072 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname jh-associates
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$xObJ$on6A8Ft7V2GdjtcqQqcSc.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 8
ip subnet-zero
no ip source-route
ip cef    
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 165.21.83.88 165.21.100.88
   default-router 192.168.1.254
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name jh-associates.com
ip name-server 165.21.83.88
ip name-server 165.21.100.88
ip ssh time-out 60
ip ssh authentication-retries 2
!
!        
crypto pki trustpoint TP-self-signed-2802408993
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2802408993
 revocation-check none
 rsakeypair TP-self-signed-2802408993
!
!
crypto pki certificate chain TP-self-signed-2802408993
 certificate self-signed 01 nvram:IOS-Self-Sig#3309.cer
username inetsolutionsadmin privilege 15 secret 5 $1$vUfa$HM3krZEvdphlzhaQqgnxR/
username ivanmu privilege 13 secret 5 $1$WN1M$.e3nz8RlRa7UK/hM2SSvl1
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group GP1
 key tracyleow
 pool SDM_POOL_1
 max-users 10
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
   match identity group GP1
   client authentication list sdm_vpn_xauth_ml_1
   isakmp authorization list sdm_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!        
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
crypto map IPSec1 1 ipsec-isakmp
 set peer 220.255.55.38
 set transform-set ESP-3DES-SHA
 match address ALCRule1
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 0/100
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
 ip unnumbered Dialer0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.254 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username ivanmu@singnet password 7 1403000A0F1D787D73
!
ip local pool SDM_POOL_1 192.168.1.50 192.168.1.60
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended ALCRule1
 remark SDM_ACL Category=4
 permit udp any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 101 permit udp host 165.21.100.88 eq domain any
access-list 101 permit udp host 165.21.83.88 eq domain any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
0
 

Author Comment

by:ivanmu
show ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up      
FastEthernet1              unassigned      YES unset  up                    down    
FastEthernet2              unassigned      YES unset  up                    up      
FastEthernet3              unassigned      YES unset  up                    down    
ATM0                       unassigned      YES NVRAM  up                    up      
ATM0.1                     unassigned      YES unset  up                    up      
Vlan1                      192.168.1.254   YES NVRAM  up                    up      
NVI0                       unassigned      YES unset  up                    up      
Dialer0                    220.255.55.38   YES IPCP   up                    up      
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Template1          220.255.55.38   YES TFTP   down                  down    
Virtual-Access2            unassigned      YES unset  down                  down  
0
 

Author Comment

by:ivanmu
show int ATM0.1      
ATM0.1 is up, line protocol is up
  Hardware is MPC ATMSAR (with Alcatel ADSL Module)
  Description: $ES_WAN$$FW_OUTSIDE$
  MTU 4470 bytes, BW 1021 Kbit, DLY 360 usec,
     reliability 255/255, txload 1/255, rxload 2/255
  Encapsulation ATM
  4739 packets input, 1689593 bytes
  4606 packets output, 1037636 bytes
  0 OAM cells input, 0 OAM cells output
  AAL5 CRC errors : 0
  AAL5 SAR Timeouts : 0
  AAL5 Oversized SDUs : 0
  Last clearing of "show interface" counters never
0
 

Author Comment

by:ivanmu
show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status

IPv6 Crypto ISAKMP SA

show crypto ipsec sa
[empty]
0
 

Accepted Solution

by:
rfc1180 earned 125 total points
try this:

enable
conf t
interface Dialer0
crypto map IPSec1
end
wr mem
0
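
Added example (not part of the thread or of any participant's post): the error text names two conditions, a crypto map bound to no interface or bound only to interfaces that are down, and the accepted fix addresses the first by binding IPSec1 to Dialer0. The Python sketch below checks a saved running-config for both conditions; the function name, status labels and sample excerpt are assumptions made for illustration, and "down" here means administratively shut down in the config, not operational line state.

```python
import re

# Constructed excerpt modelled on the running-config posted in this thread.
SAMPLE_CONFIG = """\
crypto map IPSec1 1 ipsec-isakmp
 set peer 220.255.55.38
 match address ALCRule1
!
interface ATM0.1 point-to-point
 pvc 0/100
 !
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
"""

MAP_DEF = re.compile(r"^crypto map (\S+) \d+")      # global definition
IFACE = re.compile(r"^interface (\S+)")             # start of an interface stanza
MAP_APPLY = re.compile(r"^\s+crypto map (\S+)$")    # binding inside a stanza


def audit_crypto_maps(config):
    """Map each defined crypto map to 'ok', 'down' or 'unapplied'."""
    defined, applied, shut = set(), {}, set()
    iface = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):        # a top-level command ends any stanza
            m = IFACE.match(line)
            iface = m.group(1) if m else None
            d = MAP_DEF.match(line)
            if d:
                defined.add(d.group(1))
        elif iface:
            if line.strip() == "shutdown":  # administrative state only
                shut.add(iface)
            a = MAP_APPLY.match(line)
            if a:
                applied.setdefault(a.group(1), []).append(iface)
    result = {}
    for name in sorted(defined):
        ifaces = applied.get(name, [])
        if not ifaces:
            result[name] = "unapplied"      # defined, bound to no interface
        elif all(i in shut for i in ifaces):
            result[name] = "down"           # bound only to shut interfaces
        else:
            result[name] = "ok"
    return result
```

Run against the saved output of `show running-config`, any map reported as "unapplied" needs a `crypto map <name>` line under the outside interface, as in the accepted solution.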
 

Author Closing Comment

by:ivanmu
Already resolved the problem.
0
