Screwed up VPN Client Connection

15 years 9 months ago #29328 by timparker
I was working from home this morning trying to get one of our Cisco 871's to set up a site-to-site to our main office.

I was cleaning up stuff that wasn't needed from a previous attempt and I must have deleted too much and something that was needed. What's the easiest way to fix this... Looks like I deleted the crypto map for my connection....

TIA.

Tim


[code:1]
5 Feb 19 2009 10:33:32 713904 IP = 204.210.167.198, Received encrypted packet with no matching SA, dropping
4 Feb 19 2009 10:33:32 113019 Group = mops-vpn, Username = timparker, IP = MOPS_Thru_Dlink, Session disconnected. Session Type: IPSec, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
3 Feb 19 2009 10:33:32 713902 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Removing peer from correlator table failed, no match!
3 Feb 19 2009 10:33:32 713902 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, QM FSM error (P2 struct &0x42181d8, mess id 0x51a6f5b0)!
3 Feb 19 2009 10:33:32 713061 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.5.95/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
3 Feb 19 2009 10:33:32 713119 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, PHASE 1 COMPLETED
6 Feb 19 2009 10:33:32 713228 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Assigned private IP address 192.168.5.95 to remote user
6 Feb 19 2009 10:33:32 713184 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Client Type: WinNT Client Application Version: 5.0.02.0090
5 Feb 19 2009 10:33:32 713130 Group = mops-vpn, Username = timparker, IP = 204.x.y.198, Received unsupported transaction mode attribute: 5
6 Feb 19 2009 10:33:32 113008 AAA transaction status ACCEPT : user = timparker
6 Feb 19 2009 10:33:32 113009 AAA retrieved default group policy (mops-vpn) for user = timparker
6 Feb 19 2009 10:33:32 113011 AAA retrieved user specific group policy (mops-vpn) for user = timparker
6 Feb 19 2009 10:33:32 113003 AAA group policy for user timparker is being set to mops-vpn
6 Feb 19 2009 10:33:32 113012 AAA user authentication Successful : local database : user = timparker

[/code:1]
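
The log above shows the telltale sequence for a missing crypto map entry: IKE Phase 1 completes (message 713119), then the Phase 2 proposal is rejected (713061). As an added example that is not part of the original thread, this Python sketch scans logs in the same layout and reports each peer that hit that sequence; the sample lines, the user names, the group name and the 203.0.113.x / 192.0.2.x addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (newest line first):
# severity, date, time, ASA message ID, message text.
SAMPLE = """\
4 Feb 19 2009 10:33:32 113019 Group = example-vpn, Username = alice, IP = 203.0.113.10, Session disconnected. Session Type: IPSec, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
3 Feb 19 2009 10:33:32 713061 Group = example-vpn, Username = alice, IP = 203.0.113.10, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.0.2.95/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
3 Feb 19 2009 10:33:32 713119 Group = example-vpn, Username = alice, IP = 203.0.113.10, PHASE 1 COMPLETED
6 Feb 19 2009 10:33:32 113012 AAA user authentication Successful : local database : user = alice
3 Feb 19 2009 10:34:10 713119 Group = example-vpn, Username = bob, IP = 203.0.113.20, PHASE 1 COMPLETED
"""

LINE = re.compile(r"^\d (?P<ts>\w{3} \d{1,2} \d{4} \d\d:\d\d:\d\d) (?P<id>\d{6}) (?P<msg>.*)$")
WHO = re.compile(r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), IP = (?P<ip>[^,]+), (?P<rest>.*)")
PROXY = re.compile(r"remote proxy (?P<remote>\S+) local proxy (?P<local>\S+) on interface (?P<ifc>\S+)")

def diagnose(text):
    """Find peers whose Phase 1 completed but whose Phase 2 matched no crypto map entry."""
    sessions = defaultdict(dict)  # keyed by (group, user, peer IP); line order does not matter
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        w = m and WHO.match(m["msg"])
        if not w:
            continue  # unparsable line, or a line (e.g. AAA) with no Group/Username/IP prefix
        s = sessions[(w["group"], w["user"], w["ip"])]
        if m["id"] == "713119":    # PHASE 1 COMPLETED
            s["phase1"] = True
        elif m["id"] == "713061":  # Rejecting IPSec tunnel: no matching crypto map entry
            p = PROXY.search(w["rest"])
            if p:
                s["rejected"] = p.groupdict()
    return [
        {"group": g, "user": u, "peer": ip, **s["rejected"]}
        for (g, u, ip), s in sessions.items()
        if s.get("phase1") and "rejected" in s
    ]

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f"{f['user']}@{f['peer']}: Phase 1 OK, Phase 2 rejected; "
              f"no crypto map entry covers remote {f['remote']} on {f['ifc']}")
```

A peer that authenticates and then appears in this report points at the tunnel's Phase 2 configuration (crypto map or dynamic map binding) rather than at credentials or the IKE policy.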
15 years 9 months ago #29329 by skepticals
Restore the config from a backup that you created before removing parts of the configuration...?
15 years 9 months ago #29330 by timparker
Ah. Hmmm, yeah..... well, let's see.....

OK, you got me. I didn't make a backup..... I was on a roll (so I thought, and I didn't think before making changes....).....

Lesson learned [I HOPE]
15 years 9 months ago #29331 by timparker
Well, I found a printout of a config from 2/13 and the only entries that I see that aren't in the current one that look to be VPN/crypto related are:

[code:1]
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
[/code:1]

So I added these back in, but it doesn't appear to have helped at all. Guess this is what I get for not making a backup before doing a change.

Anyone have thoughts? I also tried the account that I set up for my boss and it did the same thing.
15 years 9 months ago #29332 by timparker
Well, I deleted the VPN tunnel group and rebuilt it. It is now working again. Time to get a good config and figure out what I was missing.... Sorry for the forum noise.
15 years 9 months ago #29335 by skepticals
No worries. I try to make a backup before any changes, but sadly I skip it from time to time. For some reason I feel it takes more than 5 seconds to make a backup and I am that lazy!

After you put the configuration back in you could try to clear the crypto. The command is something like clear crypto isa sa for phase 1 and clear crypto map sa for phase 2... I think.