Cisco VPN Client disconnect few seconds

knet4knet4 Registered Users Posts: 1 ■□□□□□□□□□
I have a problem Cisco2821 + Cisco Vpn Client
Client can connect on the router, but after a few seconds, disconnection and get an error 433: (Reason Not Specified by Peer)

hostname test2

boot system flash:c2800nm-advsecurityk9-mz.151-4.M7.bin

logging buffered 52000
no logging console
enable secret 4 [spass]

aaa new-model

aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_9 local
aaa authorization network sdm_vpn_group_ml_9 local

aaa session-id common

clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 2:00

dot11 syslog
no ip subnet-zero
ip source-route

ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address

ip flow-cache timeout active 1
ip domain name domena.local
ip ips notify SDEE
ip address-pool dhcp-pool

multilink bundle-name authenticated

crypto pki server CiscoCA
database level names
lifetime certificate 1
lifetime ca-certificate 1
lifetime enrollment-request 2
crypto pki token default removal timeout 0

crypto pki trustpoint TP-self-signed-282370580
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-282370580
revocation-check none
rsakeypair TP-self-signed-282370580

crypto pki trustpoint EZVPN
enrollment url http://[]ip]:80
subject-name CN=CiscoCA OU=VPN
revocation-check crl

crypto pki trustpoint CiscoCA
query certificate
revocation-check crl
rsakeypair CiscoCA

crypto pki certificate chain TP-self-signed-282370580
certificate self-signed 01
crypto pki certificate chain EZVPN
certificate 03
3082021D 34
certificate ca 01
308201FD A9
crypto pki certificate chain CiscoCA
certificate ca 01
308201FD 3 A9

license udi pid CISCO2821 sn FCZ0
username admin privilege 15 secret 4 [pass]
username user secret 4 [pass]


crypto isakmp policy 2
encr 3des
group 2
crypto isakmp identity dn
crypto isakmp keepalive 10

crypto isakmp client configuration group VPN
crypto isakmp profile PROFIL_IKE
ca trust-point EZVPN
match identity group VPN
client authentication list sdm_vpn_xauth_ml_9
isakmp authorization list sdm_vpn_group_ml_9
client configuration address respond

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map DYNAMIC_MAP 10
set security-association idle-time 1200
set transform-set ESP-3DES-SHA
set isakmp-profile PROFIL_IKE

crypto map CRYPTO 65535 ipsec-isakmp dynamic DYNAMIC_MAP
interface GigabitEthernet0/0
ip address [ip]
ip flow ingress
ip nat outside
ip virtual-reassembly in
crypto map CRYPTO

interface Vlan1
description LAN
ip address
ip flow ingress
ip nat inside
ip virtual-reassembly in

ip local pool SDM_POOL
ip forward-protocol nd
ip http server
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip route [ip]

ip access-list extended VPN_ACL
permit ip host
permit ip host
permit ip host

logging trap debugging
no cdp run
snmp-server ifindex persist
line con 0
line aux 0
line vty 0 4
transport input all
transport output telnet ssh
Sign In or Register to comment.