I'm trying to get VPN on my home router working, but I keep getting the following error in my syslog:
Mar 4 16:06:49 nosey 77118: nosey: 4w2d: %CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 217.155.216.166 was not encrypted and it should've been.
Any idea on what I'm doing wrong?
My current config is:
Code:
Current configuration : 5065 bytes
!
! Last configuration change at 16:09:39 GMT Sat Mar 4 2006 by growse
! NVRAM config last updated at 15:56:29 GMT Sat Mar 4 2006 by growse
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname nosey
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
logging count
logging userinfo
no logging buffered
no logging console
enable secret 5 *******
!
username growse password 7 *******
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00
aaa new-model
!
!
aaa authentication login userauthenticate local
aaa authorization network groupauthorise local
aaa session-id common
ip subnet-zero
no ip source-route
no ip icmp rate-limit unreachable
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.1 192.168.0.19
!
ip dhcp pool CLIENT
 import all
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 domain-name mrmen.home
 dns-server 192.168.0.1
!
!
ip domain timeout 1
ip domain name mrmen.home
ip name-server 192.168.0.2
no ip bootp server
ip inspect max-incomplete low 70
ip inspect max-incomplete high 100
ip inspect one-minute low 300
ip inspect one-minute high 400
ip inspect udp idle-time 20
ip inspect dns-timeout 1
ip inspect tcp idle-time 900
ip inspect tcp finwait-time 3
ip inspect tcp synwait-time 15
ip inspect name inspectout icmp
ip inspect name myinspect http timeout 10
ip inspect name myinspect icmp
ip inspect name myinspect tcp
ip inspect name myinspect udp
ip inspect name myinspect smtp
ip ips po max-events 100
ip ssh authentication-retries 2
ip ssh source-interface Ethernet0
ip ssh rsa keypair-name mine
ip ssh version 2
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group growse
 key ************
 dns 192.168.0.1
 domain *******
 pool ippool
!
!
crypto ipsec transform-set ts-mrmen esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set ts-mrmen
!
!
crypto map clientmap client authentication list userauthenticate
crypto map clientmap isakmp authorization list groupauthorise
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
!
interface Ethernet2
 ip address 10.1.0.1 255.255.255.0
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip access-group INTERNET-IN in
 ip nat outside
 ip inspect myinspect out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname ************
 ppp chap password 7 ********
 ppp pap sent-username *************
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map clientmap
 hold-queue 224 in
!
ip local pool ippool 192.168.0.100 192.168.0.110
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route [ext_ip] 255.255.255.255 Ethernet0 192.168.0.2
no ip http server
no ip http secure-server
ip dns server
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 25 interface Dialer1 25
ip nat inside source static tcp 192.168.0.2 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.2 443 interface Dialer1 443
!
!
ip access-list extended INTERNET-IN
 permit tcp any any eq www
 permit tcp any any eq 443
 permit udp any any eq domain
 permit esp any host [ext_ip]
 permit udp any eq isakmp host [ext_ip] eq isakmp
 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit tcp any any eq smtp
 deny ip any any log
logging origin-id hostname
logging 192.168.0.2
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community mrmen RO
snmp-server location Under The Chest of Drawers
snmp-server contact Andrew
snmp-server enable traps tty
no cdp run
!
control-plane
!
banner login ^CC
[--- Hello! ---]
Go Away. You Are Being Watched.
^C
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 length 0
 transport preferred ssh
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
sntp server 192.36.143.150
sntp broadcast client
end