VPN Troubles - Cisco 2801 and ASA5505

(OP)
Hey Everyone,

I'm having some trouble. I'm unable to get past phase 2 in the IKE authentication. It seems to me that these 2801s are a PITA to get working with VPNs. I've double-checked everything I could think of to get it working and I'm still having trouble. I have posted the configs below. Thanks for the help!!

ASA Version 8.2(2)
!
hostname asa5505-3
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.100.0.0 Mgmt
name 172.16.1.0 CEO-subnet
name 10.10.0.0 HR
name 192.168.4.0 routerlink
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.41.1.254 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 100.1.3.1 255.255.0.0
!
interface Ethernet0/0
 switchport access vlan 2
!             
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list inside_access_in_1 extended permit ip any any
access-list outside_1_cryptomap extended permit ip 10.41.0.0 255.255.0.0 CEO-subnet 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.41.0.0 255.255.0.0 CEO-subnet 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.41.0.0 255.255.0.0 HR 255.255.0.0
access-list outside_2_cryptomap extended permit ip 10.41.0.0 255.255.0.0 routerlink 255.255.255.252
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in_1 in interface inside control-plane
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
!
router ospf 1
 network 10.41.0.0 255.255.0.0 area 0
 area 0
 log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 100.1.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
http Mgmt 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 100.1.2.1
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs group5
crypto map outside_map 2 set peer 100.1.4.1
crypto map outside_map 2 set transform-set ESP-AES-128-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
tunnel-group 100.1.2.1 type ipsec-l2l
tunnel-group 100.1.2.1 ipsec-attributes
 pre-shared-key *****
tunnel-group 100.1.4.1 type ipsec-l2l
tunnel-group 100.1.4.1 ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect tftp
!
service-policy global_policy global
prompt hostname context



**********ROUTER CONFIG*********

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!         
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!         
archive
 log config
  hidekeys
!
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 5
crypto isakmp key lolvpnlol address 100.1.3.1
!
!
crypto ipsec transform-set sha-aes-128 esp-aes esp-sha-hmac
!
crypto map sitetosite 1 ipsec-isakmp
 set peer 100.1.3.1
 set transform-set sha-aes-128
 match address vpn-acl
!
crypto map vpn-policy 1 ipsec-isakmp
 set peer 100.1.3.1
 set transform-set sha-aes-128
 match address vpn-acl
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 100.1.4.1 255.255.0.0
 duplex auto
 speed auto
 crypto map vpn-policy
!
interface FastEthernet0/1
 ip address 192.168.4.1 255.255.255.252
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.4.0 0.0.0.3 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 100.1.1.254 permanent
!
!
ip http server
no ip http secure-server
!
ip access-list extended vpn-acl
 permit ip 192.168.4.0 0.0.0.3 10.41.0.0 0.0.255.255
!
!
!
!
!
!
!
control-plane
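
A side-by-side check of the phase 2 (IPsec SA) settings in the two configs posted above, as an added example that is not part of the original post. The config excerpts are copied from the post; the function names `transform_sets`, `phase2` and `mismatches` are illustrative.

```python
import re

# Phase 2 lines copied from the post: ASA crypto map entry 2 (peer 100.1.4.1)
# and the router map applied to FastEthernet0/0 (vpn-policy).
ASA = """\
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs group5
crypto map outside_map 2 set peer 100.1.4.1
crypto map outside_map 2 set transform-set ESP-AES-128-SHA
"""
ROUTER = """\
crypto ipsec transform-set sha-aes-128 esp-aes esp-sha-hmac
crypto map vpn-policy 1 ipsec-isakmp
 set peer 100.1.3.1
 set transform-set sha-aes-128
 match address vpn-acl
"""

def transform_sets(cfg):
    """Map each transform-set name to a sorted tuple of its transforms."""
    pat = r"^crypto ipsec transform-set (\S+) (.+)$"
    return {m[1]: tuple(sorted(m[2].split())) for m in re.finditer(pat, cfg, re.M)}

def phase2(cfg):
    """Collect peer, PFS group and resolved transforms from crypto map 'set'
    lines, in either the ASA one-line form or the IOS indented form."""
    sets = transform_sets(cfg)
    out = {"peer": None, "pfs": None, "transforms": None}
    pat = r"^(?:crypto map \S+ \d+)?\s*set (peer|pfs|transform-set) (\S+)"
    for m in re.finditer(pat, cfg, re.M):
        key, val = m[1], m[2]
        if key == "transform-set":
            out["transforms"] = sets.get(val)  # compare algorithms, not names
        else:
            out[key] = val
    return out

def mismatches(a, b):
    """Return the phase 2 fields whose values differ between the two peers."""
    return [k for k in ("pfs", "transforms") if a[k] != b[k]]

if __name__ == "__main__":
    asa, rtr = phase2(ASA), phase2(ROUTER)
    for field in mismatches(asa, rtr):
        print(f"{field}: ASA={asa[field]} router={rtr[field]}")
```

On the posted configs this reports `pfs`: the ASA entry for peer 100.1.4.1 has `set pfs group5`, while the router's `vpn-policy` map has no `set pfs` line. The transform sets resolve to the same algorithms on both sides.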
