Cisco VPN Client disconnects after a few seconds
knet4
Registered Users, Posts: 1
I have a problem with a Cisco 2821 + Cisco VPN Client.
The client can connect to the router, but after a few seconds it disconnects and I get error 433: (Reason Not Specified by Peer)
Config:
hostname test2
boot-start-marker
boot system flash:c2800nm-advsecurityk9-mz.151-4.M7.bin
boot-end-marker
logging buffered 52000
no logging console
enable secret 4 [spass]
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_9 local
aaa authorization network sdm_vpn_group_ml_9 local
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 2:00
dot11 syslog
no ip subnet-zero
ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.254
ip flow-cache timeout active 1
ip domain name domena.local
ip ips notify SDEE
ip address-pool dhcp-pool
multilink bundle-name authenticated
crypto pki server CiscoCA
 database level names
 lifetime certificate 1
 lifetime ca-certificate 1
 lifetime enrollment-request 2
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-282370580
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-282370580
 revocation-check none
 rsakeypair TP-self-signed-282370580
crypto pki trustpoint EZVPN
 enrollment url http://[ip]:80
 subject-name CN=CiscoCA OU=VPN
 revocation-check crl
crypto pki trustpoint CiscoCA
 query certificate
 revocation-check crl
 rsakeypair CiscoCA
crypto pki certificate chain TP-self-signed-282370580
 certificate self-signed 01
  quit
crypto pki certificate chain EZVPN
 certificate 03
  3082021D 34
  quit
 certificate ca 01
  308201FD A9
  quit
crypto pki certificate chain CiscoCA
 certificate ca 01
  308201FD 3 A9
  quit
license udi pid CISCO2821 sn FCZ0
username admin privilege 15 secret 4 [pass]
username user secret 4 [pass]
redundancy
crypto isakmp policy 2
 encr 3des
 group 2
crypto isakmp identity dn
crypto isakmp keepalive 10
crypto isakmp client configuration group VPN
 pool SDM_POOL
 acl VPN_ACL
crypto isakmp profile PROFIL_IKE
 ca trust-point EZVPN
 match identity group VPN
 client authentication list sdm_vpn_xauth_ml_9
 isakmp authorization list sdm_vpn_group_ml_9
 client configuration address respond
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYNAMIC_MAP 10
 set security-association idle-time 1200
 set transform-set ESP-3DES-SHA
 set isakmp-profile PROFIL_IKE
 reverse-route
crypto map CRYPTO 65535 ipsec-isakmp dynamic DYNAMIC_MAP
!
interface GigabitEthernet0/0
 ip address [ip]
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 crypto map CRYPTO
interface Vlan1
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
ip local pool SDM_POOL 192.168.0.200 192.168.0.210
ip forward-protocol nd
ip http server
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 [ip]
ip access-list extended VPN_ACL
 permit ip host 192.168.0.10 192.168.0.0 0.0.0.255
 permit ip host 192.168.0.20 192.168.0.0 0.0.0.255
 permit ip host 192.168.0.30 192.168.0.0 0.0.0.255
logging trap debugging
no cdp run
snmp-server ifindex persist
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 transport input all
 transport output telnet ssh
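The following is an added example, not part of knet4's post and not a diagnosis of the error 433 disconnect: a small Python script that runs the checks a reviewer would make over the configuration above. It embeds a constructed excerpt of the posted config (redacted values kept as placeholders) and flags the points a practitioner would want raised: the client pool SDM_POOL lies inside the Vlan1 LAN subnet, so LAN hosts ARP for pool addresses and reachability depends on proxy ARP on the router (enabled by default in IOS) together with the /32 routes that reverse-route injection installs; the CA server issues end-entity certificates and its own CA certificate with a one-day lifetime (the crypto pki server lifetime unit is days); the IKE and IPsec settings use 3DES, HMAC-SHA1 and DH group 2; and management runs over plain HTTP plus a vty that accepts every transport, telnet included. Function names and the wording of the findings are my own.

```python
"""Reviewer checks over an IOS IKEv1 remote-access VPN config.

Added example, not code from the original post; it flags settings a
reviewer would question and does not diagnose the error 433 disconnect.
"""
import ipaddress
import re

# Constructed excerpt of the posted config: only the lines the checks read,
# with the redacted values kept as placeholders exactly as in the post.
CONFIG = """\
crypto pki server CiscoCA
 database level names
 lifetime certificate 1
 lifetime ca-certificate 1
crypto isakmp policy 2
 encr 3des
 group 2
crypto isakmp keepalive 10
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
interface GigabitEthernet0/0
 ip address [ip]
interface Vlan1
 description LAN
 ip address 192.168.0.1 255.255.255.0
ip local pool SDM_POOL 192.168.0.200 192.168.0.210
ip http server
no ip http secure-server
line vty 0 4
 transport input all
"""

# Legacy algorithms still common in IKEv1 configs; matched as whole tokens.
LEGACY = {
    "encr 3des": "IKE encryption 3DES",
    "group 2": "IKE DH group 2 (1024-bit MODP)",
    "esp-3des": "IPsec ESP 3DES",
    "esp-sha-hmac": "IPsec integrity HMAC-SHA1",
}


def parse(text):
    """Return (lines, interface subnets, local pools) from IOS config text.
    Only top-level commands and one-space-indented sub-commands are read."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    subnets, pools, iface = {}, {}, None
    for line in lines:
        if not line.startswith(" "):
            iface = None  # any top-level command ends an interface block
        m = re.match(r"interface (\S+)$", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r" +ip address (\S+) (\S+)$", line)
        if m and iface:  # dotted netmask form is accepted by ip_network
            subnets[iface] = ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False)
            continue
        m = re.match(r"ip local pool (\S+) (\S+) (\S+)$", line)
        if m:
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
    return lines, subnets, pools


def check_pool_overlap(subnets, pools):
    """Pool addresses inside a connected LAN subnet rely on proxy ARP plus
    reverse-route /32s; a dedicated pool subnet avoids that dependency."""
    return [f"pool {name} {lo}-{hi} lies inside {iface} subnet {net}"
            for name, (lo, hi) in pools.items()
            for iface, net in subnets.items() if lo in net or hi in net]


def check_ca_lifetimes(lines):
    """crypto pki server lifetimes are in days; 1 means every issued cert,
    and the CA certificate itself, expires the next day."""
    out = []
    for line in lines:
        m = re.match(r" +lifetime (ca-certificate|certificate) (\d+)$", line)
        if m and int(m.group(2)) <= 1:
            out.append(f"{m.group(1)} lifetime is {m.group(2)} day")
    return out


def check_legacy_crypto(lines):
    """Flag 3DES / SHA-1 / DH group 2 wherever they appear."""
    return [f"{label}: {line.strip()}" for line in lines
            for needle, label in LEGACY.items()
            if re.search(rf"\b{re.escape(needle)}\b", line)]


def check_management_plane(lines):
    """Plain-HTTP management and vty lines that still accept telnet."""
    out = []
    if "ip http server" in lines and "no ip http secure-server" in lines:
        out.append("management over plain HTTP, HTTPS disabled")
    in_vty = False
    for line in lines:
        if line.startswith("line vty"):
            in_vty = True
        elif not line.startswith(" "):
            in_vty = False
        elif in_vty and line.strip() == "transport input all":
            out.append("vty accepts all transports (telnet included); use ssh")
    return out


def review(text):
    """Run every check; returns a dict of check name -> list of findings."""
    lines, subnets, pools = parse(text)
    return {
        "pool_overlap": check_pool_overlap(subnets, pools),
        "ca_lifetimes": check_ca_lifetimes(lines),
        "legacy_crypto": check_legacy_crypto(lines),
        "management_plane": check_management_plane(lines),
    }


if __name__ == "__main__":
    for check, findings in review(CONFIG).items():
        for finding in findings:
            print(f"[{check}] {finding}")
```

Run it as-is to see the findings for the excerpt, or paste the full `show running-config` output into `CONFIG`; `review()` returns a dict keyed by check name so the results can be asserted on or fed to another tool rather than only printed.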