
VPN client, connect PC to Cisco 1811 router


erga

Technical User
Apr 11, 2008
7
AL
I'm trying to set up an 1811 Cisco router to accept VPN connections. I created a group and provided a pre-shared key.
I try to connect with my PC (XP) using Cisco VPN Client, but in the HyperTerminal window I see the message:

%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 10.250.24.25 was not encrypted and it should've been.

I believe I should use another VPN client. From what I saw while researching online, it was the Cisco Secure VPN client that supports pre-shared keys, but I can't find this software for download anywhere.

Could you please suggest a VPN client that I could use, if this is my problem, or suggest what my problem could be?

Thanks in advance

Erga

 
I was using Cisco VPN client.
Do I need Cisco Secure VPN client?
 
In that case, that's what I tried. Versions 3.x, 4.x and 5.0

And it doesn't work; I keep getting that message in the HyperTerminal window.
 
Then your configuration on your router is incorrect. You will have to post a scrubbed copy of your configuration.
 
Thanks for your fast reply.

I will post the configuration on Monday
 
"There is only one Cisco VPN client"
Isn't there a client for IPsec and one for SSL VPNs?

Burt
 
Yes, Burt, it is now called AnyConnect. However, you load it on the device, not on the PC.
 
Oh...I thought you could load it on the PC to avoid going through that AnyConnect crap..."connecting, loading Java, accept this certificate, more blablabla, FINALLY connected!"
"%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 10.250.24.25 was not encrypted and it should've been."
This sometimes means that ESP/IPsec is being blocked by a firewall...like Brian says, post a config of the router.

Burt
 
This is the configuration:

!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$d.KN$qQe4Ei1sh.oMhPprEmjJI1
!
aaa new-model
!
!
aaa authentication login LOCAL_DB local
aaa authorization network local_authentication local
!
aaa session-id common
!
resource policy
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool CLIENT_ADDRESSES
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 192.168.1.10
 lease 0 2
!
.......

username administrator privilege 15 secret 5 $1$92Y2$qwT0OInQGGHTPhszz0x1d0
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group HOME
 key solita
 dns 192.168.1.10
 pool CLIENT_ADDRESSES
!
!
crypto ipsec transform-set MOD_SET esp-3des esp-sha-hmac
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map CLIENT_MAP 1
 set transform-set MOD_SET
 reverse-route
!
!
crypto map TEST_VPN client authentication list LOCAL_DB
crypto map TEST_VPN isakmp authorization list local_authentication
crypto map TEST_VPN client configuration address respond
crypto map TEST_VPN 100 ipsec-isakmp dynamic CLIENT_MAP
!
!
interface FastEthernet0
 ip address 192.168.1.250 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 10.250.24.50 255.255.255.0
 duplex auto
 speed auto
 crypto map TEST_VPN
!
.......
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan2
 no ip address
 shutdown
!
interface Async1
 no ip address
 encapsulation slip
!
router rip
 version 2
 passive-interface FastEthernet0
 network 192.0.0.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP interface FastEthernet0 overload
!
logging trap debugging
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
route-map SDM_RMAP permit 1
 match ip address 101
!
........

Thanks,

Erga
 
I could connect to the router. The problem was the password.
I got the other prompt asking for username and password.

But now I get:

No private IP address was assigned by the peer

This is in the logs of the VPN client, I don't see any logs at the router side.

Thanks,

Erga
 
Had to add a local pool instead of the DHCP pool I had configured.
The VPN client is connected.

Thanks a lot for your help
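The fix reported in the last post can be checked for mechanically. The following is an added example, not part of the original thread or any poster's code: a small Python audit that flags a `crypto isakmp client configuration group` whose `pool` names an `ip dhcp pool` (as in the posted configuration) instead of an `ip local pool`. The pool name `VPN_POOL` and its address range are assumptions, since the corrected configuration was never posted.

```python
import re

# Excerpt of the configuration posted in the thread (sub-command indentation restored).
BROKEN = """\
ip dhcp pool CLIENT_ADDRESSES
 network 192.168.0.0 255.255.255.0
!
crypto isakmp client configuration group HOME
 dns 192.168.1.10
 pool CLIENT_ADDRESSES
!
"""

# Constructed fix: the pool name VPN_POOL and its address range are assumptions.
FIXED = """\
ip local pool VPN_POOL 192.168.2.1 192.168.2.50
!
crypto isakmp client configuration group HOME
 dns 192.168.1.10
 pool VPN_POOL
!
"""

def audit_vpn_pools(config):
    """Return findings for client groups whose 'pool' is not an 'ip local pool'."""
    local_pools, dhcp_pools, group_pools = set(), set(), {}
    group = None  # name of the client configuration group being parsed
    for raw in config.splitlines():
        line = raw.strip()  # the audit does not depend on indentation
        if m := re.match(r"ip local pool (\S+)", line):
            local_pools.add(m.group(1))
        elif m := re.match(r"ip dhcp pool (\S+)", line):
            dhcp_pools.add(m.group(1))
        elif m := re.match(r"crypto isakmp client configuration group (\S+)", line):
            group = m.group(1)
        elif line == "!":
            group = None  # "!" ends the current configuration block
        elif group and (m := re.match(r"pool (\S+)", line)):
            group_pools[group] = m.group(1)
    findings = []
    for name, pool in sorted(group_pools.items()):
        if pool in local_pools:
            continue
        kind = "an 'ip dhcp pool'" if pool in dhcp_pools else "undefined"
        findings.append(f"group {name}: pool {pool} is {kind}, not an 'ip local pool'")
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", BROKEN), ("fixed", FIXED)):
        print(label, audit_vpn_pools(cfg) or "ok")
```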
 