Cisco VPN Client disconnect few seconds
knet4
I have a problem with a Cisco 2821 + Cisco VPN Client.
The client can connect to the router, but after a few seconds it disconnects and I get error 433: (Reason Not Specified by Peer).
Config:
hostname test2
boot-start-marker
boot system flash:c2800nm-advsecurityk9-mz.151-4.M7.bin
boot-end-marker
logging buffered 52000
no logging console
enable secret 4 [spass]
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_9 local
aaa authorization network sdm_vpn_group_ml_9 local
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 2:00
dot11 syslog
no ip subnet-zero
ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.254
ip flow-cache timeout active 1
ip domain name domena.local
ip ips notify SDEE
ip address-pool dhcp-pool
multilink bundle-name authenticated
crypto pki server CiscoCA
 database level names
 lifetime certificate 1
 lifetime ca-certificate 1
 lifetime enrollment-request 2
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-282370580
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-282370580
 revocation-check none
 rsakeypair TP-self-signed-282370580
crypto pki trustpoint EZVPN
 enrollment url http://[]ip]:80
 subject-name CN=CiscoCA OU=VPN
 revocation-check crl
crypto pki trustpoint CiscoCA
 query certificate
 revocation-check crl
 rsakeypair CiscoCA
crypto pki certificate chain TP-self-signed-282370580
 certificate self-signed 01
  quit
crypto pki certificate chain EZVPN
 certificate 03
  3082021D 34
  quit
 certificate ca 01
  308201FD A9
  quit
crypto pki certificate chain CiscoCA
 certificate ca 01
  308201FD 3 A9
  quit
license udi pid CISCO2821 sn FCZ0
username admin privilege 15 secret 4 [pass]
username user secret 4 [pass]
redundancy
crypto isakmp policy 2
 encr 3des
 group 2
crypto isakmp identity dn
crypto isakmp keepalive 10
crypto isakmp client configuration group VPN
 pool SDM_POOL
 acl VPN_ACL
crypto isakmp profile PROFIL_IKE
 ca trust-point EZVPN
 match identity group VPN
 client authentication list sdm_vpn_xauth_ml_9
 isakmp authorization list sdm_vpn_group_ml_9
 client configuration address respond
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYNAMIC_MAP 10
 set security-association idle-time 1200
 set transform-set ESP-3DES-SHA
 set isakmp-profile PROFIL_IKE
 reverse-route
crypto map CRYPTO 65535 ipsec-isakmp dynamic DYNAMIC_MAP
!
interface GigabitEthernet0/0
 ip address [ip]
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 crypto map CRYPTO
interface Vlan1
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
ip local pool SDM_POOL 192.168.0.200 192.168.0.210
ip forward-protocol nd
ip http server
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 [ip]
ip access-list extended VPN_ACL
 permit ip host 192.168.0.10 192.168.0.0 0.0.0.255
 permit ip host 192.168.0.20 192.168.0.0 0.0.0.255
 permit ip host 192.168.0.30 192.168.0.0 0.0.0.255
logging trap debugging
no cdp run
snmp-server ifindex persist
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 transport input all
 transport output telnet ssh