cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
479
Views
0
Helpful
4
Replies

Easy VPN issue

gautamzone
Level 1
Level 1

Hi friends,

I am stuck with an Easy VPN issue. The VPN is between a Cisco 877 IOS 12.4(11)T2 acting as an Easy VPN client and the Cisco VPN Concentrator 3015 Ver 4.1.7 as the VPN server.

The tunnel comes up successfully. The following is the output of:

show crypto ipsec client ezvpn 1721

Easy VPN Remote Phase: 6

Tunnel name : 1721

Inside interface list: BVI1

Outside interface: Dialer0

Current State: IPSEC_ACTIVE

Last Event: MTU_CHANGED

Address: 207.x.243.139 (applied on Loopback10000)

Mask: 255.255.255.255

DNS Primary: 207.x.241.11

DNS Secondary: 207.x.241.76

Save Password: Allowed

Current EzVPN Peer: xxx

THe VPN concentrator has been configured to tunnel everything. Now all traffic to Internet also must go through the VPN concentrator but it goes directly to the ISP cloud and bypasses the tunnel. So, internet works but bypassing the tunnel.

The tunnel though up is unable to send traffic through it.

I am also enclosing the running configuration of the problemmatic 877 router.

Additionally, with the same configuration on another 1721 router, it works. So, i believe that the problem lies only on the

877 router (EasyVPN client) and not the VPN server (VPN Concentrator 3015)

I am also enclosing the running configuration of the working 1721 router.

Looking forward to your inputs on this.

Thanks a lot

Gautam

4 Replies 4

gautamzone
Level 1
Level 1

Hi friends,

I am sorry if i was not clear enough in my previous post.

To make it simple, i would like to know if anyone of you have configured 877 router successfully as an Easy VPN client. If yes, i would like to get the config from you. You could take off the sensitive details like IP addresses, passwords etc and share it with me.

I will compare them with mine and figure out the gap.

Thanks a lot

Gautam

Hi Gautam -

My initial thoughts is this command:

xauth userid mode local

which is present on the 877 but not the 1721 might be causing the issue.

Tell me more how you are using that command.

Here's a link to a sample IOS configuration:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml

thxs

peter

hi.

ive never actually used easy vpn config instead i make mine myself to connect to a router at the other end...

but .. shouldnt there be a match ACL# command be there where you define the peer in the crypto map..???

to tell which traffic should go through the tunnel..???

Hi,

I have the same problem using a PIX 7.0(1) as EasyVPN Server and Router 871 ADVIPSERVICESK9-M, Version 12.4(9)T1 as easyVPN remote client.

But it works between the same PIX and a router 2600 12.4(8).

I used the following link as reference http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: