Customer VPN SSL IOS on Vista

Hello

I've implemented a SSL VPN on a 877 router. It has been tested with an XP laptop. Now, the laptop has been formated in Vista and I get this error "Setup could not start the Cisco Client SSL VPN.

For more information, contact your COMPUTER administrator. Click here to log out. »

I watched some old news, and it seems that in the past, client SSL VPN will not work under Vista. However, that display was quite old.

Someone at - he managed to make it work on Vista?

I had exactly the same problem outside my router is a 2811.

The Cisco SSL VPN client is not supported on any taste of Vista - you must upgrade to the Anyconnect client.

I used the anyconnect-victory - 2.3.0254 - k9.pkg

I also found that SDM does not recognize this as a valid client SSL so in order to install I did the following via the CLI

1 tftp flash the router package

2 uninstall the existing customer with

No webvpn install svc flash:/webvpn/svc_1.pkg sequence 1

3. install the new package with

WebVPN install flash: anyconnect svc - win - 2.3.0254 - k9.pkg

After that I reconnected it my broken vista client and it worked like a charm.

As well, as I was running 12.4 (20) T I am now able to use the anyconnect offline client - that is, I don't have to log in via a browser.

Tags: Cisco Security

Similar Questions

  • 3005 & customer VPN SSL gone?

    I upgraded from 2 3005 to vpn3000 - 4.1.7.Q - k9... after that my SSL VPN client options are gone, used to be: Configuration | Tunneling and security | WebVPN | VPN SSL Client...

    This get removed from the latest releases and now I only have the mode of transmission by SSL VPN proxy on of the 3005? Can't seem to find it in the release notes...

    Razor head

    The problem you are having is due to the upgrade to 4.1. *, which is not the software package you need. You were previously using 4.7. *, which is the right one for SD/SVC.

    Ken

  • ASA 5500 series as a customer VPN SSL

    Hello.

    ASA 5510 (or other products) usable as SSL VPN site to site VPN client?

    Version 8.4.2 asdm 6.4.9

    On the other end have certificate authentication and authorization through LDAP credentials

    SSL on the SAA isn't only for remote access. For the Site to Site, you must use IPSec.

  • is eazy customer vpn is supported only on the routers of the 800 pix 7.0 series iOS

    I'm eazy vpn with pix 7.0.4 ios with a 3640 router. the 3640 router is like aeazy vpn client. and the pix as the eazy vpn server. the client connect and continues to ask the xauth parameter. I read in the release notes that requires this vpn eay 12.2 and especially sure ios for 806 routers. the pix also does support eaxy customer vpn routers fo 800 series only. urgent help required. If this true pix sucks big time. they force us to buy routers.they become like microsoft. pls help

    Assane

    According to this document

    http://www.Cisco.com/en/us/products/sw/secursw/ps5299/index.html

    Cisco Easy VPN remote is now available on Cisco 800, 1700, 1800, 2800, 3800 and series UBR900 routers, Cisco PIX 501 security equipment and 506th and Cisco VPN 3002 hardware Clients.

    So no support to 3640...

    M.

    Hope that helps if it is

  • Routing quirks SSL customer VPN - more

    I studied SSL VPN-Plus feature on NSX Edge Gateway and I noticed something really weird just how customer VPN traffic is routed. All client TCP connections are NAT'd to closest edge interface address, any other protocol is routed by using the IP address of the affected client Pool of IP.

    Example of

    Bridge Board with two interfaces

    -outdoor = x.x.x.x

    inside-a = y.y.y.y

    VPN client

    -IP address = z.z.z.z


    Ping ICMP customer VNP with IP address z.z.z.z arrives at its destination with IP address z.z.z.z

    UDP DNS queries to customer VNP with IP address z.z.z.z arrives at its destination with IP address z.z.z.z

    Application of TCP HTTPS client VPN with IP address z.z.z.z arrives at its destination with the IP edge gateway interface address y.y.y.y

    I have no NAT configuration defined by the user in place, only NAT rule is rule DNAT system default for the external interface (uplink).

    That's serious problem with SSL VPN-Plus, I filed a request for support if could, but since I am a student help on licenses NFR partner without support I can't.

    Ed. also tested the UDP

    There is a flag in configuration edge-> sslvpn-> private networks-> specific entry-> 'enable TCP optimization '.

    Disable that and you will see even the client ip TCP connections.

    Dimitri

  • setting up a vpn ssl to a netgear router

    I have setup a router netgear FVS336G at a customer and you have configured a vpn ssl to the customer. I can cinnect on a win xp machine, but not on my machine which is running Vista 64 bit. I get narrations of error message cannot install the vpn tunnel.

    Hi Jluequi,

    The issue of Windows 7 you have posted is better suited for the IT Pro TechNet public. Please post your question in the TechNet Windows 7 networking forum.

    Concerning
    Joel S
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • WebVPN and remote vpn, ssl vpn anyconnect

    Hi all

    Differences between webvpn and remote vpn, ssl vpn anyconnect
    All require a separate license?

    Thank you

    Hello

    The difference between the webvpn and SSL VPN Client is the WebVPN to use SSL/TLS and port

    send through a java application to support the application, it also only supports TCP for unicast traffic, no ip address

    address is assigned to the customer, and the navigation on the web in the tunnel is made with a SSL

    Web-mangle that allows us stuff things in theSSL session.

    SSL VPN (Anyconnect) Client is a client of complete tunneling using SSL/TCP, which installs an application on the computer and

    envelopes vpn traffic in the ssl session and thus also an assigned ip address has the

    tunnel's two-way, not one-way.   It allows for the support of the application on the

    tunnel without having to configure a port forward for each application.

    AnyConnect is a client of new generation, which has replaced the old vpn client and can be used as long as the IPSEC vpn ssl.

    For anyconnect licenses please see the link below:

    http://www.Cisco.com/c/en/us/TD/docs/security/vpn_client/AnyConnect/ANYC...

    Kind regards

    Kanwal

  • -VPN - PROBLEM IOS CLIENT!

    -Start ciscomoderator note - the following message has been changed to remove potentially sensitive information. Please refrain from publishing confidential information about the site to reduce the risk to the security of your network. -end of the note ciscomoderator-

    Hello

    I have IOS Cisco 2650XM running IPSEC. I configured for authentication local customer vpn. I create ipsec tunnel more Don t ping from router to my client vpn (windows 2 k with vpn client 4.0). If anyone can help me, my express recognition.

    Better compliance

    Joao Medeiros

    SH RUN

    Current configuration: 8092 bytes

    !

    ! Last configuration change at 09:09:04 GMT Tuesday, March 2, 1993 by lordz

    !

    version 12.2

    horodateurs service debug uptime

    Log service timestamps uptime

    encryption password service

    !

    hostname router_vpn_fns

    !

    start the system flash c2600-ik9o3s - mz.122 - 11.T.bin

    AAA new-model

    !

    !

    AAA authentication login default local

    AAA authorization network default local

    AAA - the id of the joint session

    !

    clock timezone GMT - 3

    voice-card 0

    dspfarm

    !

    IP subnet zero

    no ip source route

    IP cef

    !

    !

    no ip domain search

    agm IP domain name - tele.com

    name-server IP 192.168.10.1

    !

    no ip bootp Server

    audit of IP notify Journal

    Max-events of po verification IP 100

    property intellectual ssh time 60

    IP port ssh 2000 rotary 1

    !

    crypto ISAKMP policy 3

    BA 3des

    preshared authentication

    Group 2

    !

    crypto ISAKMP policy 110

    preshared authentication

    lifetime 10000

    !

    crypto ISAKMP policy 130

    preshared authentication

    lifetime 10000

    ISAKMP crypto key xxx address xxx.xxx.76.22

    ISAKMP crypto key xxx address yyy.yyy.149.190

    !

    ISAKMP crypto client configuration group xlordz

    key cisco123

    DNS 192.168.10.1

    area agm - tele.com

    LDz-pool

    ACL 108

    !

    86400 seconds, duration of life crypto ipsec security association

    !

    Crypto ipsec transform-set esp-3des esp-sha-hmac agmipsec_gyn

    Crypto ipsec transform-set esp-3des esp-sha-hmac agmipsec_poa

    Crypto ipsec transform-set esp-3des esp-sha-hmac ldz-series

    !

    Crypto-map dynamic ldz_dynmap 10

    ldz - Set transform-set

    !

    !

    by default the card crypto client ldz_map of authentication list

    default value of card crypto ldz_map isakmp authorization list

    client configuration address card crypto ldz_map answer

    ldz_map 10 card crypto ipsec-isakmp dynamic ldz_dynmap

    !

    agmmap_gyn crypto-address on Serial0/0

    agmmap_gyn 1 ipsec-isakmp crypto map

    the value of xxx.xxx.76.22 peer

    Set transform-set agmipsec_gyn

    PFS group2 Set

    match address 120

    QoS before filing

    agmmap_gyn 2 ipsec-isakmp crypto map

    the value of yyy.yyy.149.190 peer

    Set transform-set agmipsec_poa

    PFS group2 Set

    match address 130

    !

    !

    !

    call active voice carrier's ability

    !

    voice class codec 1

    codec preference 1 60 g729r8 bytes

    g711alaw preferably 2 codec

    !

    !

    Fax fax-mail interface type

    MTA receive maximum-recipients 0

    !

    controller E1 0/1

    case mode

    No.-CRC4 framing

    termination 75 Ohm

    time intervals DS0-Group 1-15, 17 0 type digital r2 r2-compelled ani

    Digital-r2 r2-compelled ani type 1 time intervals DS0-group 18-31

    0 cases-custom

    country Brazil

    counting

    signal response Group-b 1

    case-personal 1

    country Brazil

    counting

    signal response Group-b 1

    !

    !

    !

    !

    interface FastEthernet0/0

    192.168.15.1 IP address 255.255.255.0 secondary

    192.168.7.1 IP address 255.255.255.0 secondary

    IP 192.168.10.10 255.255.255.0

    NBAR IP protocol discovery

    load-interval 30

    automatic speed

    full-duplex

    priority-group 1

    No cdp enable

    !

    interface Serial0/0

    bandwidth of 512

    IP 200.193.103.154 255.255.255.252

    NBAR IP protocol discovery

    frame relay IETF encapsulation

    load-interval 30

    priority-group 1

    dlci 507 frame relay interface

    frame-relay lmi-type ansi

    ldz_map card crypto

    !

    interface FastEthernet0/1

    no ip address

    NBAR IP protocol discovery

    load-interval 30

    Shutdown

    automatic duplex

    automatic speed

    No cdp enable

    !

    LDz-pool IP local pool 192.168.10.3 192.168.10.5

    IP classless

    IP route 0.0.0.0 0.0.0.0 200.193.103.153

    IP route 192.168.20.0 255.255.255.0 xxx.xxx.76.22

    IP route 192.168.25.0 255.255.255.0 xxx.xxx.76.22

    IP route 192.168.30.0 255.255.255.0 yyy.yyy.149.190

    IP route 192.168.35.0 255.255.255.0 yyy.yyy.149.190

    IP route vvv.vvv.17.152 255.255.255.248 192.168.10.1

    IP http server

    enable IP pim Bennett

    !

    !

    dns-servers extended IP access list

    extended IP access to key exchange list

    !

    Journal of access list 1 permit 192.168.10.44

    Journal of access list 1 permit 192.168.10.2

    Journal of access list 1 permit 192.168.10.1

    access-list 1 permit vvv.vvv.17.154 Journal

    IP access-list 108 allow any 192.168.10.0 0.0.0.255 connect

    access-list 108 permit ip any any newspaper

    IP access-list 120 allow any 192.168.20.0 0.0.0.255 connect

    IP access-list 120 allow any 192.168.25.0 0.0.0.255 connect

    access-list allow 120 ip host xxx.xxx.76.22 any log

    access-list 120 deny ip any any newspaper

    IP access-list 130 allow any 192.168.30.0 0.0.0.255 connect

    IP access-list 130 allow any 192.168.35.0 0.0.0.255 connect

    access-list allow 130 ip host yyy.yyy.149.190 any log

    access-list 130 deny ip any any newspaper

    access-list 140 deny udp 192.168.20.0 0.0.0.255 any netbios-ns range

    NetBIOS-ss log

    access-list 140 deny udp 192.168.25.0 0.0.0.255 any netbios-ns range

    NetBIOS-ss log

    access-list 140 deny udp 192.168.30.0 0.0.0.255 any netbios-ns range

    NetBIOS-ss log

    access-list 140 deny udp 192.168.35.0 0.0.0.255 any netbios-ns range

    NetBIOS-ss log

    access-list 140 refuse tcp 192.168.20.0 0.0.0.255 any beach 137 139 connect

    access-list 140 refuse tcp 192.168.25.0 0.0.0.255 any beach 137 139 connect

    access-list 140 refuse tcp 192.168.30.0 0.0.0.255 any beach 137 139 connect

    access-list 140 deny tcp 192.168.35.0 0.0.0.255 any beach 137 139 connect

    access-list 140 refuse tcp 192.168.20.0 0.0.0.255 any eq connect 5900

    access-list 140 refuse tcp 192.168.25.0 0.0.0.255 any eq connect 5900

    access-list 140 refuse tcp 192.168.30.0 0.0.0.255 any eq connect 5900

    access-list 140 deny tcp 192.168.35.0 0.0.0.255 any eq connect 5900

    access-list 140 permit ip any any newspaper

    Dialer-list 1 ip protocol allow

    not run cdp

    !

    Server SNMP community xxxxxxxxxx

    Enable SNMP-Server intercepts ATS

    call the rsvp-sync

    !

    voice-port 0/1:0

    !

    voice-port 0/1:1

    !

    No mgcp timer receive-rtcp

    !

    profile MGCP default

    !

    Dial-peer cor custom

    !

    !

    !

    !

    Line con 0

    exec-timeout 2 0

    Synchronous recording

    length 50

    line to 0

    exec-timeout 0 10

    No exec

    line vty 0 4

    access-class 1

    transport input telnet ssh

    !

    Master of NTP

    !

    end

    Hello

    If you are not disturbing the production network much, just try to reload 2650.

    This works sometimes!

    Kind regards

    Walked.

  • AIM-VPN/SSL-2 facility in Cisco 2821

    Hi all

    I have the router cisco 2821 wit IOS version 12.4 (25 d)

    I also have encryption for this router Cisco AIM-VPN/SSL-2 Module.

    I have inserted this module to the location of the 0 OBJECTIVE but can not see.

    I found in KB:

    http://www.Cisco.com/en/us/docs/iOS/12_4t/12_4t11/htvpnssl.html#wp1067692

    but I have no 'cryptographic engine objective' command

    Router #crypto engine (config)?

    Unit? hardware Crypto Accelerator

    Embedded onboard Crypto engine

    software software encryption engine

    When the system starts up, I see:

    0004F4 PURPOSE UNKNOWN

    This who should I change to activate this module?

    Thank you.

    Julie,

    PURPOSE/SSL engines require

    IOS 12.4 (9) T at least while you are running older 12.4 main version.

    http://www.Cisco.com/en/us/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers_ps5853_Products_Data_Sheet.html

    Marcin

  • Module AIM-VPN/SSL-2

    Does anyone know if the GRE tunnels can be used with the AIM-VPN/SSL-2 module for the Cisco 2800 series routers?

    Yes, we use it with GRE/IPSec.

    Hope that helps.

  • ASA AnyConnect VPN SSL

    I have already set up site to site vpn asa.

    Now, I want to create asa ssl AnyConnectVPN.

    Please help me with the configuration for all VPN connection?

    Configuration VPN SSL Clienless already on our asa

    "If I try to access to, the error is.

    Opening of session
    Connection refused. Your environment does not respect the terms of access defined by your administrator.

    Please notify this error for me. I changed the username and password may also.

    Thank you

    Aung

    Hey Aung,

    It's the best way to get rid of this message:

    WebVPN

    No csd enabled

    !

    dynamic-access-policy-registration DfltAccessPolicy

    action continue

    The reason why you see the message is because you have a dynamic access policy refuse your connection, because your system does not meet the requirements.

    HTH.

    Portu.

  • ASA 5505 like customer VPN simple AM _ACTIVE status

    Hi Experts,

    We have an ASA5505 which is configured to operate as a simple customer VPN. The output of isakmp #show his indicates the State of the tunnels as AM_ACTIVE.

    But we are not able to establish connectivity to one of the Interior knots.

    What does AM_ACTIVE mean? My understanding of all the Clients VPN easy hardware or software, use aggressive Mode and the tunnel is set up and works. Easy VPN server configurations is not under our management, which is most likely a router, and we believe that it is the problem of configuration at the server end.

    In addition, there is virtually nothing to do on one customer another easy VPN that specify authentication and tunnel group information in the client, and it must be connected. All other configurations are pushed from the end of Easy VPN Server, right?

    The output of ipsec #show his , noted the following

    dynamic allocated peer ip: 0.0.0.0 ---> is this to say that this isn't my ASA5505 assigned any IP by the easy VPN server?

    #pkts program: 3, #pkts encrypt: 3, #pkts digest: 3

    #pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0 ---> no decryption, which probably means that there is no response from the remote end, right?

    compressed #pkts: 0, unzipped #pkts: 0

    #pkts uncompressed: 3, comp #pkts failed: 0, #pkts Dang failed: 0

    success #frag before: 0, failures before #frag: 0, #fragments created: 0

    Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0

    #send errors: 0, #recv errors: 0

    #show vpnclient detail out I saw a lot of ISAKMP policy being created.

    -------------------------------------------

    crypto ISAKMP policy 65001

    xauth-pre-sharing authentication

    aes-256 encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65002

    xauth-pre-sharing authentication

    aes-256 encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65003

    xauth-pre-sharing authentication

    aes-192 encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65004

    xauth-pre-sharing authentication

    aes-192 encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65005

    xauth-pre-sharing authentication

    aes encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65006

    xauth-pre-sharing authentication

    aes encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65007

    xauth-pre-sharing authentication

    3des encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65008

    xauth-pre-sharing authentication

    3des encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65009

    xauth-pre-sharing authentication

    the Encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65010

    preshared authentication

    aes-256 encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65011

    preshared authentication

    aes-256 encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65012

    preshared authentication

    aes-192 encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65013

    preshared authentication

    aes-192 encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65014

    preshared authentication

    aes encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65015

    preshared authentication

    aes encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65016

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65017

    preshared authentication

    3des encryption

    md5 hash

    Group 2

    life 2147483647

    crypto ISAKMP policy 65018

    preshared authentication

    the Encryption

    md5 hash

    Group 2

    life 2147483647

    --------------------

    This may possibly be due to a bad end of server configuration and the cause of not being able to establish connectivity to the end server nodes?

    Help, please! Sorry for the mess, but we want to just make sure that it isn't something wrong with the configuration on our side!

    Kind regards

    ANUP sisi

    There are 2 phases of IPSec: IKE (Phase 1), status of the AM_Active Phase 1 means is running, and IPSec (Phase 2), and if you have both figure and decrypts increment which means the tunnel past the traffic.

    Based on the output, the VPN tunnel is up and sends traffic to the network/VPN server, however, there is no response in return.

    You should check the end of the VPN server to see if there is no configuration issues. Discover the NAT exemption and ensure that you have configured on the network head. How do you set as? PAT/Client mode or NEM?

  • SSL VPN on IOS but no traffic

    Dear score

    I configured SSL VPN on c3845. WebVPN working via browser but through webvpn client I am able to connect but can not reach an internal with ip address on the network. Please find the show for your reference

    Check your 'ip nat inside' list 1 and make sure that you're not VPN traffic to be NATted

    -heather

  • Customer Cisco IPSec vpn cisco ios router <>==

    Hello

    I need to implement ipsec vpn for all users of 10-15. They all use the vpn cisco 5.x client and we have a router for cisco ios at the office. We already have a situation of work for these users. However, it has become a necessity which known only devices (laptops company) are allowed to install a virtual private network.

    I think that the only way to achieve this is to use certificates. But we don't won't to buy certificates if there is a free way to implement. So my question is

    (1) what are the options I have to configure vpn ipsec, where only known devices can properly configure a vpn and all unknown devices are blocked?

    (2) if the certificate is the only way. Can I somehow produce these certificates myself using cisco router ios?

    (3) someone at - it an example of a similar installation/configuration?

    Thanks in advance.

    Kind regards

    M.

    Unfortunately if you connect to the router IOS, there is no other way except using the certificate. If you connect to a Cisco ASA firewall, then you can identify the laptop company using DAP (Dynamic Access Policy).

  • Configuration of the client VPN IPSEC IOS question

    Hello all, I just can't get my IOS Firewall to accept a client based vpn IPSEC connection. The Cisco client comes to expiration and Im never disputed a username and password. I checked my group and a pre-shared on the client and the router. I put my relevant config below. Any help would be greatly appreciated.

    version 12.4

    boot system flash: uc500-advipservicesk9 - mz.124 - 24.T.bin

    AAA new-model

    !

    !

    AAA authentication login default local

    radius of group AAA authentication login userauthen

    AAA authorization exec default local

    radius of group AAA authorization network groupauthor

    inspect the IP tcp outgoing name

    inspect the IP udp outgoing name

    inspect the name icmp outgoing IP

    crypto ISAKMP policy 3

    BA 3des

    preshared authentication

    Group 2

    !

    Configuration group customer isakmp crypto SMOVPN

    key xxxxx

    DNS 192.168.10.2

    business.local field

    pool vpnpool

    ACL 108

    Crypto isakmp VPNclient profile

    match of group identity SMOVPN

    client authentication list default

    Default ISAKMP authorization list

    client configuration address respond

    !

    !

    Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT

    Crypto-map dynamic dynmap 10

    Set transform-set RIGHT

    Define VPNclient isakmp-profile

    market arriere-route

    !

    !

    map clientmap client to authenticate crypto list userauthen

    card crypto clientmap isakmp authorization list groupauthor

    client configuration address map clientmap crypto answer

    10 ipsec-isakmp crypto map clientmap Dynamics dynmap

    interface FastEthernet0/0

    IP 11.11.11.10 255.255.255.252

    IP access-group outside_in in

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    NAT outside IP

    inspect the outgoing IP outside

    IP virtual-reassembly

    automatic duplex

    automatic speed

    clientmap card crypto

    IP local pool vpnpool 192.168.109.1 192.168.109.254

    IP nat inside source list 1 interface FastEthernet0/0 overload

    outside_in extended IP access list

    permit tcp object-group Yes_SMTP host 11.11.11.10 eq smtp

    allow any host 74.143.215.138 esp

    allow any host 74.143.215.138 eq isakmp udp

    allow any host 74.143.215.138 eq non500-isakmp udp

    allow any host 74.143.215.138 ahp

    allow accord any host 74.143.215.138

    access-list 1 permit 192.168.10.0 0.0.0.255

    access-list 1 permit 10.1.1.0 0.0.0.255

    access-list 108 allow ip 192.168.109.0 0.0.0.255 192.168.10.0 0.0.0.255

    access-list 108 allow ip 192.168.109.0 0.0.0.255 10.1.1.0 0.0.0.255

    access-list 108 allow ip 192.168.109.0 0.0.0.255 10.1.10.0 0.0.0.255

    Here are a few suggestions:

    change this:

    radius of group AAA authorization network groupauthor

    for this

    AAA authorization groupauthor LAN

    (unless you use the group permission for your radius server you need local)

    Choose either on ISAKMP profiles and if you decide to go with and then get rid of these lines:

    map clientmap client to authenticate crypto list userauthen

    card crypto clientmap isakmp authorization list groupauthor

    client configuration address map clientmap crypto answer

    AND change the following items on your profile isakmp:

    Crypto isakmp VPNclient profile

    ISAKMP authorization list groupauthor

    Also if you'll use a list for user authentication, I advise you to avoid using the default list so go ahead and change it too much under the isakmp profile

    client authentication list userauthen.

    If you do not use isakmp profiles change the following:

    No crypto isakmp VPNclient profile

    Crypto-map dynamic dynmap 10

    No VPNclient set isakmp-profile

Maybe you are looking for

  • A few questions about Apple Watch.

    Hello, guys... My name is Alexander and I live in India. I wanted to buy a Apple Watch and I have a few questions. 1. I use Wi - Fi router and did not have cellular data Plans. Now my doubt is, when the iPhone is not connected to a network of data, W

  • Porque mi cuenta aparace cerrada y as infringi en algo

    MI cuenta appears como cerrada y no puedo access not as soon as infringi en algo pero no creo mi cuenta ago're trabajo solo cuestion without to hacer para mi cuenta correo alguien could help me recover

  • How to change the o/s of Win XP Home instead of Win XO Pro on the computer without having to format the hard drive?

    My colleague accidentally installed Win XP Home Edition on a computer that we have configured as a server e-mail and files. How do I change OS to Win XP Pro without having to re - format the hard drive? The Win XP Pro is a supplier for the machine. W

  • LaserJet 100 MP175nw: Error 49

    I recently changed my Airport Time Capsule (newer model) and changed the name of my network. Now, I'm trying to print from my MacPro and the printer gives me an error 49 non-stop. I checked the responses in the communities of HP forum and none seem t

  • Capacity to create folders

    I m using Windows 7 for a year and now, last week in Windows Explorer or on the desktop if I right click on a folder or on the desktop I have more a list of options under new except Briefcase. I have a scanner and it fixed some corrupt but files whic