Kao klijent koristim Cisco VPN Client 5.00.07.290.
Ispratio sam neka uputstva ali klijent baca grešku 433.
Konfiguracija sledi, debug crypto isakmp je u prilogu, gde grešim?
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname box
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login vpnclient local
aaa authorization network localgroups local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!
voice-card 0
!
!
username vpnuser secret 5 xxxxxxxxxxx
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp keepalive 20 10
!
crypto isakmp client configuration group vpn-access
key test
dns 192.168.1.1
domain ls49.org
pool vpn-addr
acl acl-vpn
include-local-lan
max-users 2
max-logins 2
!
!
crypto ipsec transform-set client-transform esp-aes 256 esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set client-transform
!
!
crypto map map-0 client authentication list vpnclient
crypto map map-0 isakmp authorization list localgroups
crypto map map-0 client configuration address respond
crypto map map-0 1000 ipsec-isakmp dynamic dynmap
!
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.1.10 255.255.255.0
duplex auto
speed auto
crypto map map-0
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
ip local pool vpn-addr 10.0.0.1 10.0.0.15
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended acl-vpn
permit ip 10.0.0.0 0.0.255.255 any
!
access-list 23 permit 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
line vty 5 15
access-class 23 in
transport input telnet ssh
!
end