Cisco 3620 VPN not listening UDP 500 / 4500



My Cisco 3620 IOS router is not listening on UDP ports 500 and 4500, so the
VPN connection cannot be set up. What could be wrong with my config?


acc01#  sh ip sockets
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17 0.0.0.0             0 xxx    67   0   0 2211   0
 17   --listen--          xxx  123   0   0    1   0
 17   --listen--          xxx  161   0   0    1   0
 17   --listen--          xxx  162   0   0   11   0
 17   --listen--          xxx  56636   0   0    1   0


!
version 12.3
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!
logging buffered 8096 debugging
enable password xxx
!
username console password xxx
clock timezone GMT 1
clock summer-time GMT+01:00 recurring last Sun Mar 2:00 last Sun Oct 3:00
no aaa new-model
ip subnet-zero
no ip source-route
!
!
no ip cef
ip domain name xxx
ip name-server xxx
ip name-server xxx
!
ip audit po max-events 100
!
isdn switch-type basic-net3
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group management
 key mykey
dns xxx
 pool vpn_pool
 acl 100
!
!
crypto ipsec transform-set ip2encr esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 40
 set transform-set ip2encr
!
!
crypto map ip2 client authentication list userauthen
crypto map ip2 isakmp authorization list groupauthor
crypto map ip2 client configuration address respond
crypto map ip2 40 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0/0
 ip address xxx 255.255.255.192
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map ip2
!
interface FastEthernet0/1
 ip address 10.1.0.254 255.255.0.0
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
!
interface BRI1/0
 no ip address
 isdn switch-type basic-net3
 no cdp enable
!
interface BRI1/1
 no ip address
 shutdown
 isdn switch-type basic-net3
 no cdp enable
!
interface BRI1/2
 no ip address
 shutdown
 isdn switch-type basic-net3
 no cdp enable
!
interface BRI1/3
 no ip address
 shutdown
 isdn switch-type basic-net3
 no cdp enable
!
interface Group-Async1
 ip address negotiated
 encapsulation ppp
 async mode interactive
 peer default ip address pool setup_pool
 ppp authentication chap pap
 group-range 1 2
!
ip local pool setup_pool 10.1.0.100 10.1.0.199
ip local pool vpn_pool 10.2.0.0 10.2.0.100
ip nat inside source route-map nonat interface FastEthernet0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 100 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 101 deny   ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map nonat permit 10
 match ip address 101
!
!
line con 0
line 1 2
 login local
 modem Dialin
 autoselect during-login
 autoselect ppp
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password xxx
 login
line vty 5
 password xxx
 login
!
end


Reply jbaggen (1) 7/29/2005 8:24:05 PM

Did you ever try to connect using the VPN clients?
Secondly, you have used:
> crypto map ip2 client authentication list userauthen
> crypto map ip2 isakmp authorization list groupauthor

But I don't see the corresponding AAA commands in the router config: it has `no aaa new-model`, so the `userauthen` and `groupauthor` lists that the crypto map references are never defined.
aaa new-model

Go to cisco.com and search for a sample config.

Jan Baggen wrote:
> My Cisco 3620 IOS router is not listening on ports 500 and 4500 to setup
> the VPN connection. what could be wrong with my config?
>
>
> acc01#  sh ip sockets
> Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
>  17 0.0.0.0             0 xxx    67   0   0 2211   0
>  17   --listen--          xxx  123   0   0    1   0
>  17   --listen--          xxx  161   0   0    1   0
>  17   --listen--          xxx  162   0   0   11   0
>  17   --listen--          xxx  56636   0   0    1   0
>
>
> !
> version 12.3
> service timestamps debug datetime localtime
> service timestamps log datetime localtime
> service password-encryption
> !
> hostname xxx
> !
> boot-start-marker
> boot-end-marker
> !
> logging buffered 8096 debugging
> enable password xxx
> !
> username console password xxx
> clock timezone GMT 1
> clock summer-time GMT+01:00 recurring last Sun Mar 2:00 last Sun Oct 3:00
> no aaa new-model
> ip subnet-zero
> no ip source-route
> !
> !
> no ip cef
> ip domain name xxx
> ip name-server xxx
> ip name-server xxx
> !
> ip audit po max-events 100
> !
> isdn switch-type basic-net3
> !
> !
> crypto isakmp policy 3
>  encr 3des
>  authentication pre-share
>  group 2
> !
> crypto isakmp policy 20
>  encr 3des
>  authentication pre-share
>  group 2
> !
> crypto isakmp client configuration group management
>  key mykey
> dns xxx
>  pool vpn_pool
>  acl 100
> !
> !
> crypto ipsec transform-set ip2encr esp-3des esp-md5-hmac
> !
> crypto dynamic-map dynmap 40
>  set transform-set ip2encr
> !
> !
> crypto map ip2 client authentication list userauthen
> crypto map ip2 isakmp authorization list groupauthor
> crypto map ip2 client configuration address respond
> crypto map ip2 40 ipsec-isakmp dynamic dynmap
> !
> !
> !
> !
> interface FastEthernet0/0
>  ip address xxx 255.255.255.192
>  ip nat outside
>  duplex auto
>  speed auto
>  no cdp enable
>  crypto map ip2
> !
> interface FastEthernet0/1
>  ip address 10.1.0.254 255.255.0.0
>  ip nat inside
>  duplex auto
>  speed auto
>  no cdp enable
> !
> interface BRI1/0
>  no ip address
>  isdn switch-type basic-net3
>  no cdp enable
> !
> interface BRI1/1
>  no ip address
>  shutdown
>  isdn switch-type basic-net3
>  no cdp enable
> !
> interface BRI1/2
>  no ip address
>  shutdown
>  isdn switch-type basic-net3
>  no cdp enable
> !
> interface BRI1/3
>  no ip address
>  shutdown
>  isdn switch-type basic-net3
>  no cdp enable
> !
> interface Group-Async1
>  ip address negotiated
>  encapsulation ppp
>  async mode interactive
>  peer default ip address pool setup_pool
>  ppp authentication chap pap
>  group-range 1 2
> !
> ip local pool setup_pool 10.1.0.100 10.1.0.199
> ip local pool vpn_pool 10.2.0.0 10.2.0.100
> ip nat inside source route-map nonat interface FastEthernet0/0 overload
> no ip http server
> no ip http secure-server
> ip classless
> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
> !
> !
> access-list 1 permit 10.0.0.0 0.255.255.255
> access-list 100 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
> access-list 101 deny   ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
> access-list 101 permit ip 10.1.0.0 0.0.255.255 any
> dialer-list 1 protocol ip permit
> no cdp run
> !
> route-map nonat permit 10
>  match ip address 101
> !
> !
> line con 0
> line 1 2
>  login local
>  modem Dialin
>  autoselect during-login
>  autoselect ppp
>  stopbits 1
>  speed 115200
>  flowcontrol hardware
> line aux 0
> line vty 0 4
>  password xxx
>  login
> line vty 5
>  password xxx
>  login
> !
> end

Reply rave 8/1/2005 10:46:13 PM



