Solved

remote access VPN

Posted on 2011-09-05
3
249 Views
Last Modified: 2012-05-12
remote access VPN
I cannot used VPN remote  where is problem
please help me
 
reason 412:  the remote peer is no longer responding  !!! why show me that


!
hostname IT_Local
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$eENx$/u2ZNP53BV81VRp0NlQB9/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userlist local
!
!
!
!
!
aaa session-id common
!
!
!
no network-clock-participate wic 0
no network-clock-participate wic 1
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name test.net
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-226820793
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-226820793
 revocation-check none
 rsakeypair TP-self-signed-226820793
!
!
crypto pki certificate chain TP-self-signed-226820793
 certificate self-signed 01
  30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32323638 32303739 33301E17 0D313130 39303531 36343535
  305A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3232 36383230
  37393330 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  D3235960 ABCE4A29 ADF0F1D6 D5073F05 674D23BD 3B9BD9FE 48C355A3 08525F47
  5CEF7E64 F05E4CAF FA770E11 6BB4BE34 5487F8E8 D038B783 826C02D1 3110A0FB
  747AFD45 8D1A3C09 26EC3FA2 6FA40F64 05AABF35 E531EDB0 A615E31F 300C23D1
  157742A9 8ED5A558 57514319 A25787FA 5227A32C 61A9679C 1504281B F300D257
  02030100 01A37330 71300F06 03551D13 0101FF04 05300301 01FF301E 0603551D
  11041730 15821349 545F4C6F 63616C2E 66616E6F 6F732E6E 6574301F 0603551D
  23041830 168014D6 F0FE436F 18B779AD 9E2ED1C8 C770830F 38B12430 1D060355
  1D0E0416 0414D6F0 FE436F18 B779AD9E 2ED1C8C7 70830F38 B124300D 06092A86
  4886F70D 01010405 00038181 0063D9CA 45F85658 FDE70BF7 F1A1F68C 0472881F
  8F32524E 5390D9BA 44708BE4 6A062811 185F686D A3DBF23F AC8094D7 86ABFE48
  700BADCB 0AAB5B88 D53BE2B1 3DF855F4 B839FAE2 B4DEA8C8 7C5E0D1A 0DBC40FC
  62000FDF 7B86B05D 934BB5AB 2CDD3F20 289650DE 5D1AA9CA 54220B0B E738B15F
  431431F2 7DECB90E DE8EB0EF FC
        quit
!
!
license udi pid CISCO2821 sn FCZ113770DN

username admin privilege 15 secret 5 $1$DqF1$wVb/aLW0o364GSMh0PUB10
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group bbc-VPN
 key bbc
 dns 4.2.2.2 198.6.1.3
 pool vpnpool
 netmask 255.255.255.0
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map mymap client authentication list userlist
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
interface Loopback0
 ip address 10.100.100.1 255.255.255.255
 !
!
interface GigabitEthernet0/0
 description Internal
 ip address 10.200.200.51 255.255.255.0
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0/1
 ip address 70.70.70.1 255.255.255.192
 duplex auto
 speed auto
 crypto map mymap
 !
!
ip local pool 10.20.20.10 10.20.20.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
Added the VPN Zone.

rindi,
EE ZA Storage

Open in new window

0
Comment
Question by:memo12345678
  • 2
3 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 36486727

What kind of VPN is this? site to site or remote access? What is teh remote client using?

Are both sides setup to use AES?

Need more info on the remote peer?

harbor235 :}
0
 

Accepted Solution

by:
memo12345678 earned 0 total points
ID: 36490767
Dear I make config it is easy remote access VPN

but now VPN client connect  took IP 10.100.100.60 to 80  but cannot access to 10.100.100.51 why or make to local network 10.100.100.X !!!




username test password 0 test


crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 7200
crypto isakmp key Cisco address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local EZVPN_POOL
!
crypto isakmp client configuration group exam
 key Cisco123
 dns 4.2.2.2
 wins 4.2.2.2
 pool EZVPN_POOL
 netmask 255.255.255.0
crypto isakmp profile EZVPN_PROFILE
   match identity group Fanoos_GROUP
   client authentication list USER
   isakmp authorization list GROUP
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set EZVPN_SET esp-aes esp-sha-hmac
!
crypto ipsec profile EZVPN_PROFILE
 set transform-set EZVPN_SET
 set isakmp-profile EZVPN_PROFILE
!
!
!
!
!
!

 !
!
interface GigabitEthernet0/0
 description Internal
 ip address 10.100.100.51 255.255.255.0
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0/1
 ip address 70.70.70.1 255.255.255.192
 duplex auto
 speed auto
 !
!
interface Virtual-Template1 type tunnel
 ip unnumbered GigabitEthernet0/1
 tunnel mode ipsec ipv4
 tunnel path-mtu-discovery
 tunnel protection ipsec profile EZVPN_PROFILE
 !
!
ip local pool EZVPN_POOL 10.100.100.60 10.100.100.80
0
 

Author Closing Comment

by:memo12345678
ID: 37087308
dd
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now