Just an update to anyone else working on this problem the end result of my testing is that the phase1 completes just fine but the phase2 fails. Problem is the Tadpole never gets prompted for the user authentication and the debug on the cisco indicates it is sending XAUTH_USER_NAME_V2 and XAUTH_USER_PASSWORD_V2 and getting no response.
Any thoughts or suggestions would be appreciated. My cisco config: aaa authentication login userlist local aaa authorization network grouplist local ! ! ! username cisco password 0 cisco ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group cisco key cisco dns 10.0.100.10 domain ops.qualys.com pool green acl 199 ! ! crypto ipsec transform-set mytr esp-3des esp-sha-hmac ! crypto dynamic-map mode 1 set transform-set mytr ! ! crypto map mode client authentication list userlist crypto map mode isakmp authorization list grouplist crypto map mode client configuration address initiate crypto map mode client configuration address respond crypto map mode 1 ipsec-isakmp dynamic mode ! ! ! ip local pool green 10.42.42.1 10.42.42.42 ! ! interface FastEthernet0 ip address 10.x.x.x 255.255.255.0 duplex auto speed auto crypto map mode ! ! access-list 199 permit ip 192.168.200.0 0.0.0.255 any Tadpole: Firmware: 1.4.8 IPSec VPN: IKE Tunnelled Aggressive Mode Encr: 3des Auth SHA-1 DH: Group 2 Cheers, -Chuck -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Constantine Morris Sent: Thursday, June 11, 2009 1:36 PM To: SunRay-Users mailing list Subject: Re: [SunRay-Users] Tadpole 4100? We are using the Tadpole M1400 with Juniper SSG 350 and it works like a charm. Tadpole Settings are: Phase 1 - Aggressive Mode Device ID - E-mail address Encryption - 3DES-CBC Authentication - SHA1 Group 2 (MODP 1024) PFS - None Xauth - preshared Key Static IP - x.x.x.x VPN Server - x.x.x.x Hope this helps. Costa -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Paul Whitener Sent: Thursday, June 11, 2009 3:12 PM To: SunRay-Users mailing list Subject: Re: [SunRay-Users] Tadpole 4100? I have the Comet 150 version and it connects to Cisco EZVPN great! IKE Aggressive Mode 3DES-CBC Auth MD5 DH Group2 MODP 1024 aes-128 /paul -----Original Message----- >From: Charles Greco <[email protected]> >Sent: Jun 10, 2009 10:34 PM >To: SunRay-Users mailing list <[email protected]> >Subject: Re: [SunRay-Users] Tadpole 4100? > >Oh, that's really confusing as I wrote it. I was speaking of dial-in vpn >access. E.g. using the vpn client built into the Tadpole. I've played >with various configurations and can't seem to get it to work smoothly. > > > >-----Original Message----- >From: [email protected] >[mailto:[email protected]] On Behalf Of Craig Bender >Sent: Wednesday, June 10, 2009 7:11 PM >To: SunRay-Users mailing list >Subject: Re: [SunRay-Users] Tadpole 4100? > >Dial in? > >Charles Greco wrote: >> Hello all, >> >> Has anyone configured a cisco router device to allow dial-in access >from >> a Tadpole Comet SunRay client? If you've got a working config sample >let >> me know. >> >> Cheers, >> -Chuck >> >> -------------------------------------------------------------------- >> >> This e-mail message, including any attachments, is for the sole use of >the intended recipient(s) and may contain confidential and privileged >information. Unauthorized review, use, disclosure or distribution is >prohibited. If you are not the intended recipient, please contact the >sender by reply e-mail and destroy all copies of the original message. >Thank you. >> _______________________________________________ >> SunRay-Users mailing list >> [email protected] >> http://www.filibeto.org/mailman/listinfo/sunray-users >_______________________________________________ >SunRay-Users mailing list >[email protected] >http://www.filibeto.org/mailman/listinfo/sunray-users >_______________________________________________ >SunRay-Users mailing list >[email protected] >http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
