OpenForum RSS: Easy VPN Site-to-Site

Easy VPN Site-to-Site (mansell)

Tue, 24 Nov 2009 07:00:37 GMT

>[�� ]
> mode network-plus
> username XXXX password XXXX
> xauth userid mode local
>
>
>interface FastEthernet4
> crypto ipsec client ezvpn XXXX
>
>interface Vlan1
> crypto ipsec client ezvpn XXXX inside

�� ))) �� )))

�� crypto isakmp key cisco123 address 192.168.50.200 no-xauth

Easy VPN Site-to-Site (mansell)

Tue, 24 Nov 2009 05:52:04 GMT

VPN_server#
*Nov 24 05:40:52.619: ISAKMP:(0:0:N/A:0):Authentication method offered does not match policy!
*Nov 24 05:40:52.619: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3
*Nov 24 05:40:52.619: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 20 against priority 65535 policy
*Nov 24 05:40:52.623: ISAKMP: encryption DES-CBC
*Nov 24 05:40:52.623: ISAKMP: hash MD5
*Nov 24 05:40:52.623: ISAKMP: default group 2
*Nov 24 05:40:52.623: ISAKMP: auth pre-share
*Nov 24 05:40:52.623: ISAKMP: life type in seconds
*Nov 24 05:40:52.623: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Nov 24 05:40:52.623: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!
*Nov 24 05:40:52.623: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0
*Nov 24 05:40:52.623: ISAKMP:(0:0:N/A:0):no offers accepted!
*Nov 24 05:40:52.623: ISAKMP:(0:0:N/A:0): phase 1 SA policy not acceptable! (local 192.168.50.100 remote 192.168.50.200)
*Nov 24 05:40:52.623: ISAKMP (0:0)

Easy VPN Site-to-Site (mansell)

Tue, 24 Nov 2009 05:50:58 GMT

�� ) �� - �� .

VPN_client#
*Mar 5 23:28:31.767: ISAKMP:(0):purging SA., sa=829AE5C0, delme=829AE5C0
*Mar 5 23:28:48.311: ISAKMP: quick mode timer expired.
*Mar 5 23:28:48.311: ISAKMP:(0):src 192.168.50.200 dst 192.168.50.100, SA is not authenticated
*Mar 5 23:28:48.311: ISAKMP:(0):peer does not do paranoid keepalives.

*Mar 5 23:28:48.311: ISAKMP:(0):deleting SA reason "QM_TIMER expired" state (I) AG_INIT_EXCH (peer 192.168.50.100)
*Mar 5 23:28:48.311: ISAKMP:(0):deleting SA reason "QM_TIMER expired" state (I) AG_INIT_EXCH (peer 192.168.50.100)
*Mar 5 23:28:48.311: ISAKMP: Unlocking peer struct 0x82642E50 for isadb_mark_sa_deleted(), count 0
*Mar 5 23:28:48.311: ISAKMP: Deleting peer node by peer_reap for 192.168.50.100: 82642E50
*Mar 5 23:28:48.311: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 5 23:28:48.311: ISAKMP:(0):Old State = IKE_I_AM1 New State = IKE_DEST_SA

*Mar 5 23:28:48.311: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User= Gr

Easy VPN Site-to-Site (denp)

Mon, 23 Nov 2009 13:58:43 GMT

�� :

1) �� :

username XXX privilege 0 password XXXX

crypto isakmp client configuration group XXXX
key XXXX
pool XXXX
save-password

2) �� :

crypto ipsec client ezvpn XXXX
connect auto
group XXXX key XXXX
mode network-plus
username XXXX password XXXX
xauth userid mode local

interface FastEthernet4
crypto ipsec client ezvpn XXXX

interface Vlan1
crypto ipsec client ezvpn XXXX inside