Je serais heureux de publier la configuration ou les journaux pour référence, mais j'ai du mal à faire fonctionner mon VPN d'accès à distance sur la même interface que mon site à site VPN IPSEC. J'utilise une carte de chiffrement dynamique pour le VPN d'accès distant, mais il semble qu'il n'essaie pas de faire la première phase. Est-ce que quelqu'un pourrait me donner un exemple de configuration simple à partir duquel travailler?
ÉDITER:
Voici un vidage de débogage qui échoue après avoir implémenté les profils ISAKMP selon la suggestion ci-dessous. Je suis invité à saisir mon nom d'utilisateur et mon mot de passe, mais cela arrive à expiration. Il semble que l'autorisation isakmp échoue. Actuellement, l'autorisation isakmp est simplement définie dans la liste des utilisateurs locaux. Cela vous semble-t-il être le problème?
Jul 3 16:40:44.297: ISAKMP/aaa: unique id = 29277
Jul 3 16:40:44.297: ISAKMP:(0):Proposed key length does not match policy
Jul 3 16:40:44.297: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 3 16:40:44.313: ISAKMP:(0):ISAKMP/tunnel: setting up tunnel REMOTEACCESS pw request
Jul 3 16:40:44.313: ISAKMP:(0):ISAKMP/tunnel: Tunnel REMOTEACCESS PW Request successfully sent to AAA
Jul 3 16:40:44.317: ISAKMP:(0):ISAKMP/tunnel: received callback from AAA
AAA/AUTHOR/IKE: Processing AV tunnel-password
AAA/AUTHOR/IKE: Processing AV addr-pool
AAA/AUTHOR/IKE: Processing AV inacl
AAA/AUTHOR/IKE: Processing AV dns-servers
AAA/AUTHOR/IKE: Processing AV wins-servers
AAA/AUTHOR/IKE: Processing AV route-metric
Jul 3 16:40:44.317: ISAKMP/tunnel: received tunnel atts
Jul 3 16:40:44.341: ISAKMP AAA: Deleting old aaa_uid = 29277
Jul 3 16:40:44.341: ISAKMP AAA: NAS Port Id is already set to 174.98.136.27
Jul 3 16:40:44.341: ISAKMP:(0):AAA: Nas Port ID set to 174.98.136.27.
Jul 3 16:40:44.341: ISAKMP AAA: Allocated new aaa_uid = 29278
Jul 3 16:40:44.341: ISAKMP AAA: Accounting is not enabled
Jul 3 16:40:48.337: ISAKMP AAA: NAS Port Id is already set to 174.98.136.27
Jul 3 16:40:48.337: ISAKMP/Authen: unique id = 29278
Jul 3 16:40:48.337: ISAKMP:(2110):AAA Authen: setting up authen_request
Jul 3 16:40:48.337: ISAKMP:(2110):AAA Authen: Successfully sent authen info to AAA
Jul 3 16:40:48.337: ISAKMP:(2110):AAA Authen: Local Authentication or no RADIUS atts recvd
Jul 3 16:40:48.349: ISAKMP:(2110):ISAKMP/author: setting up the authorization request for REMOTEACCESS
Jul 3 16:40:48.349: ISAKMP:(0):ISAKMP/author: received callback from AAA
AAA/AUTHOR/IKE: Processing AV tunnel-password
AAA/AUTHOR/IKE: Processing AV addr-pool
AAA/AUTHOR/IKE: Processing AV inacl
AAA/AUTHOR/IKE: Processing AV dns-servers
Jul 3 16:40:48.349:
AAA/AUTHOR/IKE: no DNS addresses
AAA/AUTHOR/IKE: Processing AV wins-servers
Jul 3 16:40:48.349:
AAA/AUTHOR/IKE: no WINS addresses
AAA/AUTHOR/IKE: Processing AV route-metric
Jul 3 16:40:48.349: ISAKMP:(2110):ISAKMP/author: No Class attributes
Jul 3 16:40:48.349: ISAKMP:FSM error - Message from AAA grp/user.
Je vois également ces erreurs lorsque je débogue les erreurs isakmp et ipsec et que je tire les journaux:
Jul 3 16:32:33.949: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb
Jul 3 16:32:57.557: ISAKMP:(0):Proposed key length does not match policy
Jul 3 16:32:57.557: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 3 16:33:00.637: ISAKMP:FSM error - Message from AAA grp/user.