[c-nsp] IOS VPN Client Group Issue

Ge Moua moua0100 at umn.edu
Mon Aug 25 13:35:58 EDT 2008


I'm doing a similar config with IOS:
12.4(15)T6

I wonder if you need the "T" code train for this:

Router(config)#crypto isakmp client configuration ?     
  address-pool   Set network address for client
  browser-proxy  Set browser proxy attributes for client
  group          Set group profile attributes for client

Router(config)#crypto isakmp client configuration 




Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029
Office: 612.626.2779 | Pager: 612.648.0103 | Fax: 612.626.1818
 
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Thomas Beecher
Sent: Monday, August 25, 2008 11:37 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] IOS VPN Client Group Issue

I've come across something odd. I think that this is just a simple oversight
on my part, hopefully another set of eyes will catch this for me.

I've got a 2621 running 12.2(46a) that I'm using to terminate a few VPN
tunnels. Right now, I have three point to point tunnels up, and working
without issue. This morning, I started adding the config for VPN client
access, and that's where I'm getting hung up.

Under the crypto isakmp client configuration command, I should have a
'group' option to set up the VPN group parameters. However, I do not. The
only option I have is 'address-pool'. As far as I can tell, this image
should support that command.

I'm fairly certain that I have the correct aaa commands in place to enable
group authorization, however there are some pre-existing AAA commands on
this router that could be hanging me up.

Here's the aaa config:

aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication login rev_tel line enable
aaa authentication login userauthen local
aaa authorization network groupauthen local

Am I missing something painfully obvious here?

Thanks in advance,

Tom



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


