Question : Problem: Cisco 871 EZVPN with Windows Client

I am and trying to setuo an EZVPN server for a client that has a Windows 2000 server and a Cisco 871 Router.  They don't want to pay for the Cisco client, so I want them to be able to use a Windows Client to connect.  My config is posted below.  Can someone tell me why I am unable to creat a VPN connection?

Current configuration : 4182 bytes
!
! Last configuration change at 22:53:40 UTC Thu Oct 20 2005 by servaltech
! NVRAM config last updated at 22:57:19 UTC Thu Oct 20 2005 by servaltech
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
enable password xxx
!
username servaltech privilege 15 secret xxx
username test password xxx
aaa new-model
!
!
aaa authentication login userlist local group radius
aaa authorization network grouplist local group radius
aaa session-id common
ip subnet-zero
ip cef
!
!
ip inspect name ALS cuseeme
ip inspect name ALS ftp
ip inspect name ALS h323
ip inspect name ALS netshow
ip inspect name ALS rcmd
ip inspect name ALS realaudio
ip inspect name ALS rtsp
ip inspect name ALS sqlnet
ip inspect name ALS streamworks
ip inspect name ALS tftp
ip inspect name ALS tcp
ip inspect name ALS udp
ip inspect name ALS vdolive
ip inspect name ALS icmp
ip inspect name ALS esmtp
no ip domain lookup
ip domain name ALS
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
 group 2
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
 group 2
crypto isakmp identity hostname
!
crypto isakmp client configuration group cisco
 key cisco
 dns 10.0.0.2
 domain als.com
 acl 199
!
crypto isakmp client configuration group default
 key cisco
 dns 10.0.0.2
 pool green
 acl 199
!
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
!
crypto dynamic-map mode 1
 set transform-set dessha
!
!
!
!
crypto map mode client authentication list userlist
crypto map mode isakmp authorization list grouplist
crypto map mode client configuration address respond
crypto map mode 1 ipsec-isakmp dynamic mode
!
!
!
!
interface FastEthernet0
 no ip address
 no cdp enable
!
interface FastEthernet1
 no ip address
 no cdp enable
!
interface FastEthernet2
 no ip address
 no cdp enable
!
interface FastEthernet3
 no ip address
 no cdp enable
!
interface FastEthernet4
 description Internet Interface
 ip address xxx 255.255.255.0
 ip inspect ALS out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 crypto map mode
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 no cdp enable
!
interface Vlan1
 description Local Area Network
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip local pool green 10.0.0.200 10.0.0.205
ip classless
ip route 0.0.0.0 0.0.0.0 xxx
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static 10.0.0.2 xxx
!
logging 10.0.0.2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 120 permit tcp any any established
access-list 120 permit ip host xxx host xxx
access-list 120 permit ip host xxx host xxx
access-list 120 permit ip host xxx host xxx
access-list 120 deny   ip 10.0.0.0 0.0.0.255 any
access-list 120 permit icmp any host 64.122.18.224 echo-reply
access-list 120 permit icmp any host 64.122.18.224 time-exceeded
access-list 120 permit icmp any host 64.122.18.224 unreachable
access-list 120 deny   ip 10.0.0.0 0.255.255.255 any
access-list 120 deny   ip 172.16.0.0 0.15.255.255 any
access-list 120 deny   ip 192.168.0.0 0.0.255.255 any
access-list 120 deny   ip 127.0.0.0 0.255.255.255 any
access-list 120 deny   ip host 255.255.255.255 any
access-list 120 deny   ip host 0.0.0.0 any
access-list 190 permit ip any any log-input
access-list 199 permit ip any any
no cdp run
radius-server host 10.0.0.2 auth-port 1645 acct-port 1646
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 privilege level 15
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
end

Answer : Problem: Cisco 871 EZVPN with Windows Client

You must use the SECPOL editor on XP.
Agree w/Plemieux72 that it would be much simpler to just use the Cisco VPN client. It should be no cost to you. There is no license fee for the VPN client. If you have a CCO account you can download it.
Random Solutions  
 
programming4us programming4us