Question:
we're having an issue with Cisco 3560V2 Price a few of our
routers that mobile users use to remote access VPN into. These routers are also
DMVPN spokes.
Basically I have two isakmp policies and
ipsec policies as below:
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key ABC address 0.0.0 .0
0.0.0.0 no-xauth
crypto isakmp keepalive 30 5 periodic
!
crypto ipsec transform-set myset esp-3des
esp-sha-hmac
crypto ipsec transform-set TS1 esp-3des
esp-md5-hmac
mode transport
!
Until this morning, all of the spoke
routers on DMVPN were having major issues where they would try to talk to one
another but fail due to CONF_XAUTH error. Once I added the no-xauth keyword at
the end of crypto isakmp key, all started working well without any issues.
However since then, our remote access VPN clients are no longer working. If I
remove no-xauth, remote access clients start working but DMVPN starts to flap.
Any ideas?
Answer:
I think you can use isakmp profiles to
split the keyring for the remote access and the one that is Cisco 3560V2 for dmvpn
没有评论:
发表评论