Hi Group,
Playing around w Remote Access IPSec VPN in IOS (not SSL etc). Is there a
way to make this work *without* using a Virtual-Template (DVTI), EZVPN
("crypto ipsec client ezvpn" ...), or similar approach?
I tried setting this scenario up using just the following IOS components
(and some others):
- isakmp policy
- PSK
- isakmp profile
- matched Group identity
- client authentication
- isakmp authorization
- client address respond
- isakmp group
- Group key
- address pool
- split tunnel ACL
- ipsec transform set
- typical
- crypto dynamic map
- set tranform set
- set ISAKMP profile
- reverse route
- crypto map
- associated with dynamic map
- applied to outside interface
- also tried doing isakmp authorization and client authentication and
address respond here as well
- aaa for login authentication and network authorization
- typical
- ip local pool
- typical
didn't have NAT or ACLs configured. routing was in place. IKE Phase I
would complete successfully, but Phase II wouldn't. If this is a
configuration that should work, please provide a config' example.
Thanks,
Jason
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
