I'm getting following error in Ezvpn remote access VPN configuration CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at
I m using cisco 7200 series router IOS version is :Version 12.4(24)T3 (c7200-adventerprisek9-mz.124-24.T3.bin) Please help. Pleas find the config below:- R3#sho run Building configuration... Current configuration : 2193 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! aaa new-model ! ! aaa authentication login CONSOLE none aaa authentication login EZVPN local aaa authorization network EZVPN local ! aaa session-id common ! ! ip cef ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! username CISCO password 0 CISCO123 ! ! ! ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp client configuration address-pool local EZVPN ! crypto isakmp client configuration group EZVPN key CISCO pool EZVPN acl SPLIT-TUNNEL ! ! crypto ipsec transform-set MYSET esp-3des esp-md5-hmac ! crypto dynamic-map DYNAMIC 10 set transform-set MYSET reverse-route ! ! crypto map MYMAP client authentication list EZVPN67 crypto map MYMAP isakmp authorization list EZVPN67 crypto map MYMAP client configuration address respond crypto map MYMAP 10 ipsec-isakmp dynamic DYNAMIC ! ! ! ! interface FastEthernet0/0 no ip address shutdown duplex half ! interface Ethernet1/0 ip address 136.1.123.3 255.255.255.0 duplex full ! interface Ethernet1/1 ip address 136.1.100.3 255.255.255.0 duplex full crypto map MYMAP ! interface Ethernet1/2 no ip address shutdown duplex half ! interface Ethernet1/3 no ip address shutdown duplex half ! interface Serial2/0 no ip address shutdown serial restart-delay 0 no fair-queue ! interface Serial2/1 ip address 136.1.23.3 255.255.255.0 serial restart-delay 0 ! interface Serial2/2 no ip address shutdown serial restart-delay 0 ! interface Serial2/3 no ip address shutdown serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes redistribute static subnets network 136.1.23.0 0.0.0.255 area 0 network 136.1.100.0 0.0.0.255 area 0 network 136.1.123.0 0.0.0.255 area 0 ! ip local pool EZVPN 20.0.0.1 20.0.0.254 ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ip access-list extended SPLIT-TUNNEL permit ip 10.0.0.0 0.0.0.255 any ! ! ! control-plane ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 login authentication CONSOLE stopbits 1 line aux 0 stopbits 1 line vty 0 4 ! ! en -- Thanks & Regards, Yusef Sherif Sr. Network Engineer
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
