First, who has an example config? Authentication with local?
Help: I now have a lab: pc-->ethernet0/1-->ethernet 0/0-->lan. I did not set the
address of e0/1 as the PC's gateway, so the PC can't visit the LAN, but it can
connect to e0/1. Now I am trying to configure the 2611 as a VPN server and use the Cisco
VPN client on the PC to dial in to the 2611, then get an IP address that is in
the same subnet as the LAN, so the PC can visit the LAN. The following is
the config of the 2611:
Current configuration : 1549 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname vpn
!
logging rate-limit console 10 except errors
enable secret 5 $1$LR6x$kcoI5g9VddYYLeowg8QJd/
enable password cisco
!
username vpn password 0 vpn
!
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 2
no ip dhcp-client network-discovery
vpdn enable
!
vpdn-group 10
! Default PPTP VPDN group
accept-dialin
 protocol pptp
!
!
crypto isakmp policy 10
encr des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration address-pool local vpn
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
match address 101
!
!
!
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
call rsvp-sync
!
interface Ethernet0/0
ip address 192.168.0.200 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 192.168.10.254 255.255.255.0
half-duplex
crypto map mymap
!
interface Ethernet1/0
no ip address
shutdown
half-duplex
!
ip local pool vpn 192.168.0.201 192.168.0.210
ip classless
ip http server
!
access-list 101 permit ip any any
!
!
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
no scheduler allocate
!
end
When I try to dial in to the 2611, the 2611 says:
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer
at 192.168.10.2
and cisco.com tells me that there may be something wrong with
des/3des/group1/group2/md5/sha, but I have tried almost all the possibilities and it
still failed, and the VPN client tells me: Remote peer is no longer
responding.
My OS is 2000 Professional. Who knows the default hash/authen/group/des of the
Cisco VPN client, and how to modify these in the VPN client?
What is wrong with my config? Help!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45333&t=45333
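
An added example, not part of the original post: a Python check that parses a running-config like the one quoted above and flags single DES, MD5, cleartext credentials, and an ISAKMP policy that selects pre-share while no key line is present. The function names, the constructed sample, and the rule for where a pre-shared key may appear are assumptions of this example.

```python
import re

# Constructed sample: crypto-related lines copied from the running-config in the post.
SAMPLE = """\
enable password cisco
username vpn password 0 vpn
crypto isakmp policy 10
encr des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration address-pool local vpn
crypto ipsec transform-set myset esp-des esp-md5-hmac
"""

POLICY_KEYS = ("encr", "hash", "authentication", "group")

def isakmp_policies(lines):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy N' block."""
    policies, current = {}, None
    for line in lines:
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        key, _, value = line.partition(" ")
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and key in POLICY_KEYS and value:
            current[key] = value
        else:
            current = None  # any other line ends the policy block
    return policies

def audit(config):
    """Return findings for weak or incomplete IKE/IPsec settings in an IOS config."""
    lines = [raw.strip() for raw in config.splitlines()]
    # Assumption: a PSK appears as 'crypto isakmp key ...' or 'key ...' (client group).
    has_psk = any(l.startswith(("crypto isakmp key ", "key ")) for l in lines)
    findings = []
    for prio, pol in sorted(isakmp_policies(lines).items()):
        for key, weak in (("encr", "des"), ("hash", "md5")):
            if pol.get(key) == weak:
                findings.append(f"isakmp policy {prio}: weak {key} {weak}")
        if pol.get("authentication") == "pre-share" and not has_psk:
            findings.append(f"isakmp policy {prio}: pre-share without a configured key")
    for l in lines:
        if l.startswith("crypto ipsec transform-set ") and "esp-des" in l.split():
            findings.append("transform-set: esp-des")
        if re.match(r"enable password |username \S+ password 0 ", l):
            findings.append("cleartext credential: " + " ".join(l.split()[:2]))
    return findings
```

Calling `audit(SAMPLE)` returns one finding per flagged setting; the credential findings name the command only and never echo the password value.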