Question : Problem: Cisco 871 EZVPN with Windows Client

I am and trying to setuo an EZVPN server for a client that has a Windows 2000 server and a Cisco 871 Router. They don't want to pay for the Cisco client, so I want them to be able to use a Windows Client to connect. My config is posted below. Can someone tell me why I am unable to creat a VPN connection?

Current configuration : 4182 bytes
!
! Last configuration change at 22:53:40 UTC Thu Oct 20 2005 by servaltech
! NVRAM config last updated at 22:57:19 UTC Thu Oct 20 2005 by servaltech
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
enable password xxx
!
username servaltech privilege 15 secret xxx
username test password xxx
aaa new-model
!
!
aaa authentication login userlist local group radius
aaa authorization network grouplist local group radius
aaa session-id common
ip subnet-zero
ip cef
!
!
ip inspect name ALS cuseeme
ip inspect name ALS ftp
ip inspect name ALS h323
ip inspect name ALS netshow
ip inspect name ALS rcmd
ip inspect name ALS realaudio
ip inspect name ALS rtsp
ip inspect name ALS sqlnet
ip inspect name ALS streamworks
ip inspect name ALS tftp
ip inspect name ALS tcp
ip inspect name ALS udp
ip inspect name ALS vdolive
ip inspect name ALS icmp
ip inspect name ALS esmtp
no ip domain lookup
ip domain name ALS
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
group 2
!
crypto isakmp policy 3
hash md5
authentication pre-share
group 2
crypto isakmp identity hostname
!
crypto isakmp client configuration group cisco
key cisco
dns 10.0.0.2
domain als.com
acl 199
!
crypto isakmp client configuration group default
key cisco
dns 10.0.0.2
pool green
acl 199
!
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
!
crypto dynamic-map mode 1
set transform-set dessha
!
!
!
!
crypto map mode client authentication list userlist
crypto map mode isakmp authorization list grouplist
crypto map mode client configuration address respond
crypto map mode 1 ipsec-isakmp dynamic mode
!
!
!
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
description Internet Interface
ip address xxx 255.255.255.0
ip inspect ALS out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map mode
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
no cdp enable
!
interface Vlan1
description Local Area Network
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool green 10.0.0.200 10.0.0.205
ip classless
ip route 0.0.0.0 0.0.0.0 xxx
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static 10.0.0.2 xxx
!
logging 10.0.0.2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 120 permit tcp any any established
access-list 120 permit ip host xxx host xxx
access-list 120 permit ip host xxx host xxx
access-list 120 permit ip host xxx host xxx
access-list 120 deny ip 10.0.0.0 0.0.0.255 any
access-list 120 permit icmp any host 64.122.18.224 echo-reply
access-list 120 permit icmp any host 64.122.18.224 time-exceeded
access-list 120 permit icmp any host 64.122.18.224 unreachable
access-list 120 deny ip 10.0.0.0 0.255.255.255 any
access-list 120 deny ip 172.16.0.0 0.15.255.255 any
access-list 120 deny ip 192.168.0.0 0.0.255.255 any
access-list 120 deny ip 127.0.0.0 0.255.255.255 any
access-list 120 deny ip host 255.255.255.255 any
access-list 120 deny ip host 0.0.0.0 any
access-list 190 permit ip any any log-input
access-list 199 permit ip any any
no cdp run
radius-server host 10.0.0.2 auth-port 1645 acct-port 1646
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
privilege level 15
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end

Answer : Problem: Cisco 871 EZVPN with Windows Client

You must use the SECPOL editor on XP.
Agree w/Plemieux72 that it would be much simpler to just use the Cisco VPN client. It should be no cost to you. There is no license fee for the VPN client. If you have a CCO account you can download it.

Random Solutions

Problem: Hyper Threading on SIS661FX

Problem: Using second hard drive as storage...

Problem: Win Ce 5.0 wakeup

Problem: WTF's up with my iSCSI network config ???

Problem: iPhone Exchange 2007 mail sync Freezes

Problem: computer won't post.

Problem: Can't get online! Airport/Network/Mac problems!

Problem: What does the "65 nm" in a 65 nm processor measure and is this independent of socket architecture?

Problem: PCI Express 8x in a slot 16x

Problem: Clients can connect to database on VPN through wired ethernet but not through wireless