I must've fat fingered something previously. I just recreated the scenario from scratch and it worked fine this time.
Jason On Sun, Sep 23, 2012 at 1:14 PM, Jason Madsen <[email protected]>wrote: > Hi Group, > > Playing around w Remote Access IPSec VPN in IOS (not SSL etc). Is there a > way to make this work *without* using a Virtual-Template (DVTI), EZVPN > ("crypto ipsec client ezvpn" ...), or similar approach? > > I tried setting this scenario up using just the following IOS components > (and some others): > > > - isakmp policy > - PSK > - isakmp profile > - matched Group identity > - client authentication > - isakmp authorization > - client address respond > - isakmp group > - Group key > - address pool > - split tunnel ACL > - ipsec transform set > - typical > - crypto dynamic map > - set tranform set > - set ISAKMP profile > - reverse route > - crypto map > - associated with dynamic map > - applied to outside interface > - also tried doing isakmp authorization and client authentication > and address respond here as well > - aaa for login authentication and network authorization > - typical > - ip local pool > - typical > > didn't have NAT or ACLs configured. routing was in place. IKE Phase I > would complete successfully, but Phase II wouldn't. If this is a > configuration that should work, please provide a config' example. > > > Thanks, > > Jason >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
