Fall of connection Cisco RV110W

Similar Questions

• VPN CISCO RV110W fail.

  Hello

  I have a router Aztech DSL1015EW (S) and Cisco RV100w. Here's my setup.

  Phone - RJ11---> DSL1015EW (S) - RJ45---> RV110W

  -J' tried to build the portable computer remote VPN connection to RV110W (failed)

  -Also failefk quick VPN

  -PPTP failed

  Port forwarding on DSL1015EW

  I don't have the public ip address

  I use dydns.

  What can I do? Please help me.

  Fast VPN error message is "bridge not answer do you expect ot.

  PPTP error code is cannot estiblishe to the remote host.

  Hello

  Hi, thank you for using our forum, my name is Johnnatan I left the community of support to small businesses.

  I apologize for your stress, in this case I advise you to check this link with useful information about the VPN fast https://supportforums.cisco.com/docs/DOC-29399

  I hope you find this answer useful,

  "* Please mark the issue as response or write it down so others can benefit from.

  Greetings,

  Johnnatan Rodríguez Miranda.

  Support of Cisco network engineer.

• Connection Cisco UCS 6120 FI directly to Cisco Catalyst 6500?

  I watch a lot of design with the Cisco UCS solution guide and everywhere it is Cisco Nexus 5000/7000 connects to the uplink ports of Cisco UCS 6120 FI with the benefits of technology to the vPC.

  How about connect Cisco UCS 6120 FI directly to 10GE ports in Cisco Catalyst 6500 (without VSS and VSS)? It is possible to design?

  If I use C6500VSS there will be port-channel of the aggregation of the UCS Nx10GE all the bandwidth?

  And what happens if I use C6500 (without VSS) - how it will be on the many links between UCS and two boxes C6500? It will be blocked by STP? A little on the other?

  Please explain to me, because we have only C6500 switches in our data center and want to test a Cisco UCS schassis.

  Yes, you can connect the 6120 s to cat6500s with or without vs. With VSS, you get a vPC as port channel where 2 links to a single 6120 can be connected to different 2 6500 s in a port LACP-channel.

  VSS is not necessary, you can connect a 10 G uplinks / 1 G of 1 or more of a 6120 at cat6500s. I you have 2 cat6500s (non - vss) and 2 uplinks by 6120, then you want to connect 1 cat6500-1 and the other to cat6500-2. I would recommend going ahead and creating a single port-channel port so that you can easily add the uplinks in the furture without interruption of service.

  Ideally, for non - vss, I would have 4 10 uplinks by 6120; 2 in a channel port cat6500-1 and 2 in a port in cat6500-2 channel

• Cisco RV110W supports up to 1 VPN policies

  Best regards

  I use a router Cisco RV110W to 20 natoinwide of branches with a central site for interconnection, however, although VPN correctly between a branch and the central location it is not possible to add another tunnel in the RV110W to another secondary site (see photo)

  In the data sheet RV110W it is said that this router supports up to 5 VPN tunnels, but apparently these 5 tunnels are supposed to establish via the software QuickVPN from a computer.

  so: is there a real limit to VPN site to site (router to router) 1 with RV110W?

  Thanks in advance for any help!

  Please contact Cisco,

  The RV110w supports only 1 site to tunnel

  Of the data sheet:

  1 tunnel IPSec Site to Site

  The RV130W will allow 10 site to site tunnels, datasheet below:

  http://www.Cisco.com/c/en/us/products/collateral/routers/small-business-...

  Best regards

• How to connect Cisco SG-300-10 L3 switch selector mode in Mode of L2 SG-300-20

  Ladies and gentlemen, please forgive me if you find my question too basic. But, I would really appreciate your help. I have two Cisco switches (SG-300-10 and SG-300-20) and I am struggling to connect with each other.

  Requirements: Switch Cisco SG-300-10 which is in needs of L3 mode to send the traffic of VLAN tagged to the switch Cisco SG-300-20, which is the mode of L2

  What I've done so now

  1 Cisco SG-300-10 (Mode L3) to the router directly connected and configured IP addresses, 192.168.0.21. The GVRP is configured for Port 5. Created the VLAN 1000 with interface IP (192.168.100.1) and configured the Port 5 trunk mode (1U, 1000 t)

  2 connected Cisco SG-300-20 (L2 Mode) to the router and set up the IP address management, 192.168.0.22. The GVRP is configured for Port 5. 1000 of VLANS created and configured the Port 5 trunk mode (1U, 1000 t)

  What does not work

  I can't access the address of management of the L2 (192.168.0.22) switch. Note that the L2 switch only on the uplink, which is to the L3 switch. Since the Port 5 also receives no marked traffic of VLAN1 (192.168.1.1), I'm assuming that he would receive the network management of VLAN1.

  Other Observations

  When I connect the cable between the two switches Port5, I expect to exchange information of VLAN, by documentation. But the lights flash at all.

  I tried other things

  I tried to connect Port 2 (1U) L3 Switch switch 2 L3 Port (1U). Yet, I can't access to the management of the L2 switch port. However, when I connect 2-Port L3 switch to my laptop, I get an IP address. That tells me that I have to solve the problem of management network pair before the switches.

  Hi Späti,

  I think the confusion is the use of the address IP address to you and how you manage your computer.

  VLAN 1 = 192.168.1.1

  VLAN 1000 = 192.168.0.21

  How I read that you connect layer 2 VLAN 1 on 192.168.0.21 switch to layer 3 of the same VLAN 1 interface to 192.168.1.1. It's confusing.

  So first thing to do is this - change layer 2 switch network 192.168.1.x IP and confirm management works on VLAN 1.

  If you want to layer 2 switch works on VLAN 1000, then you need to change the default VLAN 1000, then you can configure your uplink either as the way which you have 1u, 1000 t, or you can use 1000u.

  Your management VLAN on the layer 2 switch is VLAN 1 still unless you changed it (which did you not?)

  A next important thing for the layer 2 switch is going to be the default gateway. The switch of level 3, you need to specify the address IP of the VLAN 1000, which I think you did to 192.168.0.21/24. This 192.168.0.21 must be the default gateway for the layer 2 switch.

  Finally, the computer you connect to layer 3 switch, what that either VLAN that you choose to connect to (1 unidentified), you need to set the IP and default gateway appropriate. So if you're going to VLAN 1 then your computer is 192.168.1.x with gateway 192.168.1.1

  And for the comment extra, GVRP is a horrible Protocol and very pitiful, I don't recommend to use.

• Cisco RV110W

  Hi all

  I have the following question: I have 3 router CISCO rv110w. One of them is the most important for me is in my warehouse. The other two are in my shop. I want to do the first router (in-store) to the vpn server and the other two to be its vpn customers. Can you explain in detail how to proceed.

  Thanks in advance

  Dear Lubo,

  Thank you to the small community of Support Business.

  Please refer to the following document for a "VPN client" configuration on routers RV110W; "

  http://sbkb.Cisco.com/CiscoSB/Loginr.aspx?login=1&PID=2&app=search&VW=1&articleid=2501

  For a step by step over procedure detail consult the Administrator's guide, p.96;

  http://www.Cisco.com/en/us/docs/routers/CSBR/RV110W/Administration/Guide/rv110w_admin.PDF

  I hope you find this information useful and please let us know if there is any other assistance, we can help you.

  Kind regards

  Jeffrey Rodriguez S... : | :. : | :.
  Support Engineer Cisco client

  * Please rate the Post so other will know when an answer has been found.

• AnyConnect licenses for Cisco RV110W

  Hi all

  Thank you in advance for taking the time to respond - I tried for the last hour and seek more information on the AnyConnect client for an entry level firewall - CiscoRV110W, but I'm still confused.

  To say simple things, my questions are:

  If I buy this firewall of entry-level VPN connections supports 5 + 5, can users download the AnyConnect client and connect to the VPN for free (once it is set up), or do I have to pay extra for the AnyConnect licenses? How much would that cost?

  My experience with AnyConnect has been so far limited to the end user, use it to connect to the network through the VPN at work, but now I take into account set up something similar for a small office with a few teleworkers.

  Connection of the device:

  http://www.Cisco.com/c/en/us/products/collateral/routers/RV110W-wireless...

  I already read the FAQ for AnyConnect, but it is still is not clear.

  Thank you for your time!

  Hi mmihai.toma,

  As far as I know, is not supported on devices RV Anyconnect.  If you want to use Anyconnect you must have a Firewall ASA or IOS, router IO - XE.

  According to the documentation it looks like the only VPN options for the device of RV are: quick VPN, Site to Site, and PPTP.

  It may be useful

  -Randy-

• FVS318N router keeps fall of connectivity

  Hi all - I've posted this problem in the past. As usual. The problem clears for several months and then comes back. It is with my FVS318N router. Since yesterday, I lost all connectivity several times a day. Yesterday, it fell by 10 times. When this happens. I am unable to pint the router or connect to the router by connecting your laptop directly to a port on the router. I also still have questions to try to broadcast of live content. Where it keeps buffering. Today, support told me to do a factory reset. Really, I didn't do that but agreed to it. The router remained for about 6 hours and crashed again. The only change that I made after the reset has been to put my SSID wireless to my setting and set a password. With my router Verizon FIOS and Linksys routers I ever connectivity issues. The problem is, I need VPN access to my home and this router had built. Can anyone give me any advice with this router? Is this router just unreliable? This problem lasts for a few years. Netgear support sent me 3-4 routers via RMA. They all have the same experience. Knit weel for months, then started crashing. When it started crashing it is several times a day which makes this router unsable. Any suggestions/help would be greatly appreciated.

  Thanks in advance

  Thanks again for the responses. Rebooting the router is my challenge. In case of problem, the only way I can come back is the power cycle access so I wouldn't be able to get data from the syslog. I was not happy support not could not give me an ETA for that is when a person advances could connect to my router to see if they could discover something, but I realize support teams are busy. I agree an RMA more and keep my fingers crossed I will finally have a router that is reliable. As side note, my Cisco router has been online for about 5 days now, so I am confident the problem is with the Netgear router. Unfortunately, my confidence is not there with Netgear more but am willing to try a router more

• Cannot connect Cisco Network Assistant to 2911 router

  I'm trying to connect my Cisco 2911 router to my community at the NAC.  I can see the routers in terms of topology, but when I try to add to the community I get an error message indicating that the router is inaccessible (cannot connect).  I can ping client device of soul. I can view the properties of the device to the card (device type: CISCO2911/K9). Telenet attempt connection, but we have only use SSH for connectivity (the same as all my switches that are connected to the community).  2911 is listed as a taken router supported on the Cisco site.

  Any quesses what I am doing wrong?

  Thanks in advance.

  J

  Hello
  You must enable http for can work.

  http://kirkpbm.WordPress.com/2008/07/13/Cisco-network-assistant-enabling...
  Pls link for other instructions above check.

  Rgds/DP
  Sent by Cisco Support technique iPad App

• Connection Cisco SG300-10-Core Cisco 6513 for ShoreTel phones

  I have a new ShoreTel phone system will soon.  Configure a dhcp, including option 156 scope which is required for ShoreTel to obtain the configuration on ShoreTel phones and in order to get on the vlan correct voice on the phone.  I also created a new vlan 112 for the vlan voice.  When I plug directly into the Cisco 6513 Core switch, the phone starts fine, it gets its configuration and on the VLAN correct 112.

  We have a training room in which there will be a lot of users.  I ordered 6 Cisco small business 10port SG-300 POE switches for this training room.  I plugged the switch in a cable coming off the 6513 which is just an access port and in the vlan voice I created for phones shoretel VOIP:

  interface FastEthernet10/11
  switchport
  switchport mode access
  switchport voice vlan 112
  priority queue queue-limit 20
  WRR-queue random - detect min-threshold 1 30 40 50 60 70 80 90 100
  WRR-queue random - detect min-threshold 2 30 40 50 60 70 80 90 100
  WRR-queue random detection threshold min 3 30 40 50 60 70 80 90 100
  WRR-queue random detection max-threshold 1 70 80 90 100 100 100 100 100
  WRR-queue random detection max-threshold 2 70 80 90 100 100 100 100 100
  WRR-queue random detection threshold 3 70 80 90 100 100 100 100 100 max
  WRR-queue cos-map 1-3-1
  WRR-queue cos-1 6 4 map
  WRR-queue cos-map 2 6 0
  WRR-queue cos-map 2 8 2
  WRR-queue cos-map 3 1 7
  WRR-queue cos-map 3 8 3 6
  MLS qos trust dscp
  Storm-control broadcasts 20 h 00
  spanning tree portfast

  When I plug a phone directly into this cable the phone works very well.  When I plug a cheap cisco POE switch in I can get 3 phones works very well, but due to the amount of energy needed for this cheap a cisco switch it will give only 3 phones power.

  The real problem here is plug into small business cisco SG300-10port POE managed switch.  I thought I could just connect the switch to the port configured above right out of the box and plug in phones without a problem.  When I plug the switch and start plugging in ShoreTel phones, they do not start coming in and upward and actually had a few phones upward but then finally there is no tone and also later, they appear on the screen as a service not available.

  I have to configure a trunk port on a port on the SG300 and the Cisco 6513 for this to work?  Also I will need to VLAN configuration manually on the SG300.  Looks like that when I just plugged it in to the above configured the port on the SG300 it automatically create the vlan 112.

  Any help would be appreciated

  Thank you

  Dave

  Deleted

• Cannot connect Cisco 2621 to AWS EC2 Openswan vpn site to site

  Hello, I'm setting up Site to Site vpn between my Cisco 2621 router and Amazon EC2 instance running openswan.
  I get on the following message on the openswan server: 'NO_PROPOSAL_CHOSEN '.
  My router config Cisco 2621 and Openswan config are displayed below, I know im missing something small, but can't
  understand what is :-) any help would be appreciated.

  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]: "paulaga-House" #1: STATE_MAIN_I3: sent MI3, expect MR3
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]. port/protocol Phase 1 ID payload is 17/0. agreed with port_floating NAT - T
  ' Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]: "paulaga-House" #1: hand mode peer ID is ID_IPV4_ADDR: ' 192.168.1.253.
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]: "paulaga-House" #1: transition of State STATE_MAIN_I3 of State STATE_MAIN_I4
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]: "House paulaga" #1: STATE_MAIN_I4: ISAKMP Security Association established {auth = PRESHARED_KEY oakley_3des_cbc_192 integ = md5 = MODP1536 group = cipher}
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]: "paulaga home" #2: quick launch Mode PSK + ENCRYPT + TUNNEL + PFS + UP + IKEV1_ALLOW + IKEV2_ALLOW + SAREF_TRACK + IKE_FRAG_ALLOW {using isakmp #1 proposal of msgid:17d23abf = default pfsgroup = OAKLEY_GROUP_MODP1536}
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]: "paulaga-House" #1: regardless of the payload information NO_PROPOSAL_CHOSEN, msgid = 00000000, length = 160
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]. ISAKMP Notification payload
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503].   00 00 00 a0 0e 00 00 00 01 03 04 00
  Apr 16 20:05:55 ip-172-31-1-142.us-west-2.compute.internal pluto [28503]: "paulaga-House" #1: received and ignored the information message

  The schema looks like this:
  192.168.0.0/24:FA0/1[router]FA0/0 192.168.1.253 - 192.168.1.254 [Modem] 64.231.25.93 (pub ip attributed to my modem)

  Cisco 2621 router configuration:

  Current configuration: 2649 bytes
  !
  version 12.3
  no cache Analyzer
  no service timestamps debug uptime
  no service the timestamps don't log uptime
  encryption password service
  !
  cisco2600 hostname
  !
  boot-start-marker
  start the system flash c2600-ik9o3s3 - mz.123 - 26.bin
  boot-end-marker
  !
  logging buffered debugging 10000
  no logging monitor
  !
  No aaa new-model
  IP subnet zero
  IP cef
  !
  !
  name-server IP 192.168.0.10
  !
  Max-events of po verification IP 100
  !

  username admin privilege 15 password 7 01100F175804
  !

  crypto ISAKMP policy 10
  BA 3des
  md5 hash
  preshared authentication
  Group 5
  ISAKMP crypto key mysecretkey address 52.39.49.77
  !
  life crypto ipsec security association seconds 28800
  !
  Crypto ipsec transform-set AMAZON-TRANSFORM-SET esp-3des esp-md5-hmac

  !
  11 INTERNET-CRYPTO ipsec-isakmp crypto map
  ! Incomplete
  description Amazon EC2 instance
  defined by peer 52.39.49.77
  transformation-AMAZON-TRANSFORM-SET game
  match address 111
  !
  !
  !
  !
  interface FastEthernet0/0
  Connection to the Bell Modem description
  IP 192.168.1.253 255.255.255.0
  NAT outside IP
  automatic duplex
  automatic speed
  crypto CRYPTO-INTERNET card
  !
  interface Serial0/0
  no ip address
  !
  interface FastEthernet0/1
  Description of the connection to the local network
  IP 192.168.0.254 255.255.255.0
  192.168.0.10 IP helper-address
  IP nat inside
  automatic duplex
  automatic speed
  No cdp enable
  !
  interface FastEthernet0/1.2
  Service Description Vlan
  encapsulation dot1Q 2
  IP 10.0.0.254 255.0.0.0
  192.168.0.10 IP helper-address
  IP nat inside
  !
  IP nat inside source list ACL - NAT interface FastEthernet0/0 overload
  IP nat inside source static tcp 192.168.0.47 3389 interface FastEthernet0/0 3389
  IP http server
  local IP http authentication
  no ip http secure server
  no ip classless
  IP route 0.0.0.0 0.0.0.0 192.168.1.254
  !
  !!
  !
  !
  extended ACL - NAT IP access list
  allow an ip
  allow a full tcp
  allow a udp
  recording of debug trap
  ease check syslog
  record 192.168.0.47
  access-list 111 allow ip 192.168.0.0 0.0.0.255 172.31.1.0 0.0.0.255
  !
  !
  !
  Dial-peer cor custom
  !
  !
  !
  Line con 0
  password 7 05080F1C2243
  opening of session
  line to 0
  line vty 0 4
  privilege level 15
  local connection
  transport telnet entry
  telnet output transport
  line vty 5 15
  privilege level 15
  local connection
  transport telnet entry
  telnet output transport
  !
  !
  end

  Openswan Configuration:

  file paulaga.secrets:

  64.231.25.93 192.168.1.253 52.39.49.77: PSK "mysecretkey.

  file paulaga.conf:

  Conn paulaga-home
  left = % defaultroute
  subnet # EC2 My leftsubnet=172.31.0.0/16
  leftid = 52.39.49.77 # EC2 my public ip
  right = 64.231.25.93 # My Home Modem public ip
  rightid = router 192.168.1.253 # My Home Cisco 2621 outside interface ip
  rightsubnet=192.168.0.0/24 # My Home LAN Cisco 2621
  authby secret =
  PFS = yes
  start = auto

  Hello

  Since we are getting the following error NO_PROPOSAL_CHOSEN could you please add the following on the router policies then check :

  crypto ISAKMP policy 10
  BA 3des
  md5 hash
  preshared authentication
  Group 5

  crypto ISAKMP policy 20
  BA 3des
  md5 hash
  preshared authentication
  Group 2

  crypto ISAKMP policy 30
  BA 3des
  sha hash
  preshared authentication
  Group 2

  crypto ISAKMP policy 40
  BA aes
  md5 hash
  preshared authentication
  Group 2

  Please test with the latter and keep us informed of the results.

  Kind regards

  Aditya

  Please evaluate the useful messages and mark the correct answers.

• Cannot connect Cisco UCCX Appadmin

  I'm running a Cisco Unified Voice Infrastructure where I can not connect to the UCCX server over https link to the IP address of the server. But I can ping the server, I can even connect using CLI mode. But I am not able to connect using the Web GUI. Using Firefox as browser it displays "Secure connection has no" - "an error occurred when connecting to 145.17.58.4:8443. SSL has received a low ephemeral Diffie-Hellman key in the handshake message exchange the server key. (Error code: ssl_error_weak_server_ephemeral_dh_key) ".

  I use google, read the administration guide and sought the support of the community but could not find a specific remedy for the issue. How can I fix it and connect to the server?

  Community rocks! Thanks in advance.

  Hi Soledad,

  It seems to be hitting bug id CSCuu83416 IE when you use Firefox to access a Web page that is affected by this issue, the following message may appear:

  Error: An error occurred during a connection to :. SSL has received a low ephermeral Diffie-Hellman key in handshake of the server key exchange message. (error code: ssl_error_weak_ephermeral_dh_key)

  You can try below workaround to solve this problem.

  (1) in FireFox, enter "subject: config" in the URL field and press to enter.
  (2) accept the warning "this might void your warranty!
  (3) in the top search field, enter "security.ssl3.dhe_rsa_aes".
  4) double-click on each result (128, 256) to pass the value to "false".

  This should fix the problem.

  Thank you!

  Kunal

  (Please indicate all useful posts)

• Cisco RV110w CLI

  Hello

  Is it possible to configure the router via CLI (command line interface)

  In other Cisco devices, we could always just insert a configuration through the CLI.

  However, it seems that it is only possible with the Webbrowser.

  Kind regards

  Tom

  Tom,

  N ° the RV110W can only be configured via a web browser.  There is no support for this router command line interface.

  Chris

• l2l more unstable fall vpn connection ADSL line

  Hello. I have a remote site connection vpn l2l is declining daily (remote site uses pix 501 (6.3), head office use asa 5510 (v7).) The only way I found to restore the connection is to restart the 501. The ISP have diagnosed a faulty line that keeps fall occasionally, but is it not the vpn can automatically reconnect if the line falls for a significant amount of time, which I think is the problem earlier? Thank you.

  You have KeepAlive enabled for this tunnel on both ends?

• IOS VPN will not respond to connections Cisco VPN Client.

  Hi all

  I'll put my routers fire here.

  I have two 2921 SRI both with licenses of security concerning leased lines separated. I configured one to accept our workers to remote Client VPN Cisco VPN connections.

  I have followed the set up process I used on another site with a router 1841/s and the same customers and I have also checked against the config given in the last guide of IOS15 EasyVPN.

  With debugs all assets, all I see is

  038062: 14:03:04.519 Dec 8: ISAKMP (0): received x.y.z.z dport-60225 Global (N) SA NEW 500 sport package
  038063: 14:03:04.519 Dec 8: ISAKMP: created a struct peer x.y.z.z, peer port 60225
  038064: 14:03:04.519 Dec 8: ISAKMP: new position created post = 0x3972090C peer_handle = 0x8001D881
  038065: 14:03:04.523 Dec 8: ISAKMP: lock struct 0x3972090C, refcount 1 to peer crypto_isakmp_process_block
  038066: 14:03:04.523 Dec 8: ISAKMP: (0): client setting Configuration parameters 3E156D70
  038067: 14:03:10.027 Dec 8: ISAKMP (0): packet received x.y.z.z dport 500 sport 60225 Global (R) MM_NO_STATE

  Here is the abbreviated config.

  System image file is "flash0:c2900 - universalk9-mz.» Spa. 154 - 1.T1.bin.

  AAA new-model
  !
  !
  AAA authentication login default local
  local VPNAUTH AAA authentication login
  AAA authorization exec default local
  local authorization AAA VPN network
  !
  !
  !
  !
  !
  AAA - the id of the joint session

  crypto ISAKMP policy 10
  BA aes
  preshared authentication
  Group 14

  ISAKMP crypto group configuration of VPN client
  key ****-****-****-****
  DNS 192.168.177.207 192.168.177.3
  xxx.local field
  pool VPNADDRESSES
  ACL REVERSEROUTE

  Crypto ipsec transform-set aes - esp esp-sha-hmac HASH
  tunnel mode

  Profile of crypto ipsec IPSECPROFILE
  the HASH transform-set value

  dynamic-map crypto VPN 1
  the HASH transform-set value
  market arriere-route
  !
  !
  list of authentication of card crypto client VPN VPNAUTH
  card crypto VPN VPN isakmp authorization list
  crypto map VPN client configuration address respond
  card crypto 65535-isakmp dynamic VPN ipsec VPN
  !
  !
  local IP VPNADDRESSES 172.16.198.16 pool 172.16.198.31

  REVERSEROUTE extended IP access list
  IP 192.168.0.0 allow 0.0.255.255 everything
  Licensing ip 10.0.0.0 0.0.0.255 any

  scope of IP-FIREWALL access list
  2 allow any host a.b.c.d eq non500-isakmp udp
  3 allow any host a.b.c.d eq isakmp udp
  4 ahp permits any host a.b.c.d
  5 esp of the permit any host a.b.c.d

  If anyone can see anything wrong, I would be very happy and it would save the destruction of a seemingly innocent router.

  Thank you

  Paul

  > I would be so happy and it would save the destruction of a seemingly innocent router.

  No, which won't work! But instead of destroying the router, I can do it for you. Just send it to me... ;-)

  OK, now more serious...

  1. The default Cisco IPSec client uses only DH group 2, while you set up the 14. Try to use Group 2 in your isakmp policy.
  2. You have your virtual model in place? She is not in the config.