Question : Problem: Cisco 871 EZVPN with Windows Client
I am trying to set up an EZVPN server for a client that has a Windows 2000 server and a Cisco 871 Router. They don't want to pay for the Cisco client, so I want them to be able to use a Windows Client to connect. My config is posted below. Can someone tell me why I am unable to create a VPN connection?
Current configuration : 4182 bytes
!
! Last configuration change at 22:53:40 UTC Thu Oct 20 2005 by servaltech
! NVRAM config last updated at 22:57:19 UTC Thu Oct 20 2005 by servaltech
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
enable password xxx
!
username servaltech privilege 15 secret xxx
username test password xxx
aaa new-model
!
!
aaa authentication login userlist local group radius
aaa authorization network grouplist local group radius
aaa session-id common
ip subnet-zero
ip cef
!
!
ip inspect name ALS cuseeme
ip inspect name ALS ftp
ip inspect name ALS h323
ip inspect name ALS netshow
ip inspect name ALS rcmd
ip inspect name ALS realaudio
ip inspect name ALS rtsp
ip inspect name ALS sqlnet
ip inspect name ALS streamworks
ip inspect name ALS tftp
ip inspect name ALS tcp
ip inspect name ALS udp
ip inspect name ALS vdolive
ip inspect name ALS icmp
ip inspect name ALS esmtp
no ip domain lookup
ip domain name ALS
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
 group 2
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
 group 2
crypto isakmp identity hostname
!
crypto isakmp client configuration group cisco
 key cisco
 dns 10.0.0.2
 domain als.com
 acl 199
!
crypto isakmp client configuration group default
 key cisco
 dns 10.0.0.2
 pool green
 acl 199
!
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
!
crypto dynamic-map mode 1
 set transform-set dessha
!
!
!
!
crypto map mode client authentication list userlist
crypto map mode isakmp authorization list grouplist
crypto map mode client configuration address respond
crypto map mode 1 ipsec-isakmp dynamic mode
!
!
!
!
interface FastEthernet0
 no ip address
 no cdp enable
!
interface FastEthernet1
 no ip address
 no cdp enable
!
interface FastEthernet2
 no ip address
 no cdp enable
!
interface FastEthernet3
 no ip address
 no cdp enable
!
interface FastEthernet4
 description Internet Interface
 ip address xxx 255.255.255.0
 ip inspect ALS out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 crypto map mode
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 no cdp enable
!
interface Vlan1
 description Local Area Network
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip local pool green 10.0.0.200 10.0.0.205
ip classless
ip route 0.0.0.0 0.0.0.0 xxx
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static 10.0.0.2 xxx
!
logging 10.0.0.2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 120 permit tcp any any established
access-list 120 permit ip host xxx host xxx
access-list 120 permit ip host xxx host xxx
access-list 120 permit ip host xxx host xxx
access-list 120 deny ip 10.0.0.0 0.0.0.255 any
access-list 120 permit icmp any host 64.122.18.224 echo-reply
access-list 120 permit icmp any host 64.122.18.224 time-exceeded
access-list 120 permit icmp any host 64.122.18.224 unreachable
access-list 120 deny ip 10.0.0.0 0.255.255.255 any
access-list 120 deny ip 172.16.0.0 0.15.255.255 any
access-list 120 deny ip 192.168.0.0 0.0.255.255 any
access-list 120 deny ip 127.0.0.0 0.255.255.255 any
access-list 120 deny ip host 255.255.255.255 any
access-list 120 deny ip host 0.0.0.0 any
access-list 190 permit ip any any log-input
access-list 199 permit ip any any
no cdp run
radius-server host 10.0.0.2 auth-port 1645 acct-port 1646
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 privilege level 15
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
end
Answer : Problem: Cisco 871 EZVPN with Windows Client
You must use the SECPOL editor on XP. Agree w/Plemieux72 that it would be much simpler to just use the Cisco VPN client. It should be no cost to you. There is no license fee for the VPN client. If you have a CCO account you can download it.