Guten Tag,
Ich verzweifel gerade an der VPN Clienteinwahl. Ich bekomme bei der Einwahl mit dem VPN Client im Debug immer folgendes angezeigt:
Code:
ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy!
ISAKMP:(0):atts are not acceptable. Next payload is 3
ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy
Die Konfig sieht so aus:
Code:
aaa new-model
!
aaa authentication login default local-case
aaa authentication login CONSOLE local-case
aaa authorization exec default local
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 4
encr 3des
authentication pre-share
group 2
!
crypto isakmp key xxx address w.x.y.z no-xauth
!
crypto isakmp client configuration group vpn-group
key xyz
dns 192.168.16.100
domain domain.loc
pool SDM_POOL_1
acl VPNClient
save-password
pfs
max-users 20
netmask 255.255.255.0
!
!
crypto ipsec transform-set esp-aes256 esp-aes 256 esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set esp-aes256
match address VPNClient
reverse-route
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer w.x.y.z
match address VPN_Tunnel
reverse-route
!
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
ip access-list extended VPNClient
permit ip 192.168.250.0 0.0.0.255 any
!
ip access-list extended VPN_Tunnel
permit ip 192.168.17.0 0.0.0.255 192.168.16.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.16.0 0.0.0.255
Ich hoffe es hat noch jemand einen Tipp für mich. Mir gehen langsam die Ideen aus.
