[c-nsp] IOS VPN Client Group Issue

Thomas Beecher tbeecher at localnet.com
Tue Aug 26 08:36:04 EDT 2008


You're spot on. I came across that yesterday afternoon, it does require 
the 12.2T train.

Guess I should learn to read a little better. :)

Thanks to those that responded, much appreciated

Tom.

Ge Moua wrote:
> I'm doing a simlar config with IOS:
> 12.4(15)T6
>
> I wonder if you need the "T" code train for this:
>
> Router(config)#crypto isakmp client configuration ?     
>   address-pool   Set network address for client
>   browser-proxy  Set browser proxy attributes for client
>   group          Set group profile attributes for client
>
> Router(config)#crypto isakmp client configuration 
>
>
>
>
> Regards,
> Ge Moua | Email: moua0100 at umn.edu
>
> Network Design Engineer
> University of Minnesota | Networking & Telecommunications Services
> 2218 University Ave SE | Minneapolis, MN 55414-3029
> Office: 612.626.2779 | Pager: 612.648.0103 | Fax: 612.626.1818
>  
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Thomas Beecher
> Sent: Monday, August 25, 2008 11:37 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] IOS VPN Client Group Issue
>
> I've come across something odd. I think that this is just a simple oversight
> on my part, hopefully another set of eyes will catch this for me.
>
> I've got a 2621 running 12.2(46a) that I'm using to terminate a few VPN
> tunnels. Right now, I have three point to point tunnels up, and working
> without issue. This morning, I started adding the config for VPN client
> access, and that's where I've getting hung up.
>
> Under the crypto isakmp client configuration command, I should have a
> 'group' option to setup the VPN group parameters. However, I do not. The
> only option I have is 'address-pool' . As far as I can tell, this image
> should support that command.
>
> I'm fairly certain that I have the correct aaa commands in place to enable
> group authorization, however there are some pre-existing AAA commands on
> this router that could be hanging me up.
>
> Here's the aaa config:
>
> aaa new-model
> aaa authentication login default group tacacs+ line enable aaa
> authentication login rev_tel line enable aaa authentication login userauthen
> local aaa authorization network groupauthen local
>
> Am I missing something painfully obvious here?
>
> Thanks in advance,
>
> Tom
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>   



More information about the cisco-nsp mailing list