Hi,
With the old firmware GUI4.0_127553-03_2008.05.14.13.48 the VPN connection worked, but now with the new GUI4.1_50_2008.09.25.12.37 it doesn't. It seems to me that the DTU's VPN client doesn't send the group name correctly, or the VPN server doesn't get it for some reason???

From the Cisco syslog I found this line after every connection trial with the new firmware:

----
(Server) Authentication PASSED User=nbiuser Group= Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx
Group: does not exist
----

DTU shows "PH1 Connection expired 28G"

and after downgrading to GUI4.0_127553-03_2008.05.14.13.48:

----
(Server) Authentication PASSED User=nbiuser Group=nbigroup Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx
-----

DTU connects to the Sun Ray server through the VPN.

This is our current configuration of the Cisco 1800 box:

Current configuration : 2850 bytes
!
! Last configuration change at 14:48:10 Riga Wed Nov 5 2008 by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxx-vpn001
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network default if-authenticated
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network test local
!
aaa session-id common
!
resource policy
!
clock timezone Riga 2
clock summer-time Riga date Mar 30 2003 3:00 Oct 26 2003 4:00
!
!
ip cef
!
!
!
!
!
username nbiuser secret 5 xxxxxxxxxxxxxxxxxxx.
!
!
crypto logging ezvpn
!
crypto isakmp policy 1
 encr aes
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp client configuration address-pool local SDM_POOL_1
!
crypto isakmp client configuration group nbigroup
 key srss135NOW
 pool SDM_POOL_1
 save-password
 max-users 50
 max-logins 10
crypto isakmp profile sdm-ike-profile-1
 match identity group nbigroup
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_1
 client configuration address respond
 virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set test esp-aes esp-sha-hmac
crypto ipsec transform-set ESP_MD5_3DES esp-3des esp-md5-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address xx.xx.xx.xx 255.255.240.0
 speed auto
 full-duplex
!
interface FastEthernet1
 description $ETH-LAN$
 ip address xx.xx.xx.xxx 255.255.255.224
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 no ip address
!
interface Async1
 no ip address
 encapsulation slip
!
ip local pool SDM_POOL_1 192.168.150.1 192.168.150.254
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx permanent
!
!
ip http server
ip http authentication local
no ip http secure-server
!
logging trap debugging
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

Cheers,
Anton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anton Floor
Sent: 5 November 2008 10:29
To: 'SunRay-Users mailing list'
Subject: [SunRay-Users] Sun Ray VPN with Cisco

Hi,

We have an odd problem with our Sun Ray VPN setup.
We managed to get it to work once, but somehow after changing the password of the VPN group it stopped working, and now the DTU says PH1 connection expired 28G?

From the Cisco log we found the line "group not found"? But it is in there!!!

So does anyone have a Cisco IOS VPN config working?

We use a Cisco 1800 box; we use local groups and local users of the Cisco box.

Cheers,
Anton

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
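
The comparison described in the message above (the Group= value in each "Authentication PASSED" syslog line versus the groups defined in the router configuration), written out as an added Python example; it is not part of the original message and not Cisco or Sun tooling. The function names are hypothetical, and the sample text is constructed from the lines quoted in the message, with the key line left out.

```python
import re

# Constructed sample: group-related lines from the posted IOS configuration
# (key omitted) and the two syslog lines quoted in the message.
SAMPLE_CONFIG = """\
crypto isakmp client configuration address-pool local SDM_POOL_1
crypto isakmp client configuration group nbigroup
 pool SDM_POOL_1
crypto isakmp profile sdm-ike-profile-1
 match identity group nbigroup
"""
SAMPLE_LOG = """\
(Server) Authentication PASSED User=nbiuser Group= Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx
(Server) Authentication PASSED User=nbiuser Group=nbigroup Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx
"""

GROUP_DEF = re.compile(r"^crypto isakmp client configuration group (\S+)", re.M)
FIELD = re.compile(r"(\w+)=(\S*)")  # value may be empty, as in "Group= "


def configured_groups(config_text):
    """Names of the client configuration groups defined in the config."""
    return set(GROUP_DEF.findall(config_text))


def parse_fields(line):
    """Key=value pairs of one syslog line as a dict (empty values kept)."""
    return dict(FIELD.findall(line))


def classify(line, groups):
    """None for unrelated lines, else 'ok', 'empty-group' or 'unknown-group'."""
    if "Authentication PASSED" not in line:
        return None
    group = parse_fields(line).get("Group", "")
    if not group:
        return "empty-group"      # user authenticated, no group name logged
    return "ok" if group in groups else "unknown-group"


def triage(log_text, config_text):
    """(line number, user, verdict) for every authentication line in the log."""
    groups = configured_groups(config_text)
    results = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line, groups)
        if verdict:
            results.append((n, parse_fields(line).get("User", ""), verdict))
    return results


if __name__ == "__main__":
    for n, user, verdict in triage(SAMPLE_LOG, SAMPLE_CONFIG):
        print(f"line {n}: user={user} -> {verdict}")
```

An "empty-group" verdict means the server logged no group name for that session, while "unknown-group" means a name was logged that the configuration does not define.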
