GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: IPSec question: VPN client to Router posted 09/20/2001
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Except for a little over configuration config looks ok. ON client capture
log during session establishment and post. That might give us more idea.
When you right click on tray icon for vpn client, you may have some option
for log viewer.

Sam
CCIE # 6479, CSS1

> My Lab is:
>
> [Cisco 1603] ------------ethernet --------------[Laptop with VPN client]
>
> (129.100.101.71) (129.100.101.73)
>
> I want all traffic from Laptop to int. loopback0 on 1603 is protected. But
> it does't work.
>
> Only error massage appears as below:
>
> 1d07h: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
> (ip) dest_addr= 10.10.10.1, src_addr= 129.100.101.73, prot= 1
>
> I expect that some one can help me. Thanks in advance!
>
> Nguyen Hoang Long
>
> CCNP/CCDP
>
> ################################# config on Cisco 1603 ##################
> crypto isakmp policy 10
> hash md5
> authentication pre-share
> crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
> crypto isakmp client configuration address-pool local vpn-pool
> !
> crypto ipsec transform-set mypolicy esp-des esp-md5-hmac
> crypto dynamic-map dyna 10
> set transform-set mypolicy
> match address 101
> crypto map test client configuration address initiate
> crypto map test client configuration address respond
> crypto map test 10 ipsec-isakmp dynamic dyna
> interface Loopback0
> ip address 10.10.10.1 255.255.255.0
> interface Ethernet0
> ip address 129.100.101.71 255.255.255.0
> crypto map test
> cdapi buffers large 0
> ip local pool vpn-pool 10.10.1.1 10.10.1.254
> access-list 101 permit ip host 129.100.101.73 10.10.10.0 0.0.0.255

You don't need this line.

> access-list 101 permit ip 10.10.10.0 0.0.0.255 host 129.100.101.73
> ####################### config on VPN client ############################
>
> 1- Myconn
> My Identity
> Connection security: Secure
> Remote Party Identity and addressing
> ID Type: IP subnet
> 10.10.10.0
>
> 255.255.255.0
> Port all Protocol all
>
>
> Connect using secure tunnel
> ID Type: IP address
> 129.100.101.71
>
> Authentication (Phase 1)
> Proposal 1
>
> Authentication method: Preshared key
> Encryp Alg: DES
> Hash Alg: MD5
> SA life: Unspecified
> Key Group: DH 1
>
> Key exchange (Phase 2)
> Proposal 1
> Encapsulation ESP
> Encrypt Alg: DES
> Hash Alg: MD5
> Encap: tunnel
> SA life: Unspecified
> no AH
>
> 2- Other Connections
> Connection security: Non-secure
> Local Network Interface
> Name: Any
> IP Addr: Any
> Port: All
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab