EZVPN Remote problem (871W to ASA 5520)

John Blakley
VIP Alumni

All,

I've been working on this all weekend, and I can't figure out what's wrong. My requirements are that I'm about to bring up a tunnel on demand from one host inside my network to my office for only certain subnets. I've got control of both sides, router and ASA. The Cisco VPN client works fine with any of the groups that I've tried under the EZVPN, but EZVPN won't negotiate. Under a "debug crypt isakmp" it shows that none of the IKE proposals match and it fails Phase 1. On the ASA side, it only tells me that "Information Processing failed" with host x.x.x.x. I'm at a loss.

My current config on my router is attached.

In ACL 102, I've tried just "permit ip host 10.20.1.200 any" and it makes the router reload. I changed my mode to client extension, but Cisco docs say that in order to use multiple subnets, you need to have network extension enabled. That didn't work either. I've tried to use the VPN group name that the software clients use in the ASA, but it doesn't negotiate. I created a new group name for just my router, and I'm allowing only the networks that you see in the config, but that didn't work. I thought that it had something to do with my username because we authenticate to a RADIUS server, so I created a local account on the ASA and changed the group-policy to use local authentication. That didn't work either.

Any ideas? I tried to change the version on my IOS to 12.4.24 (currently at 12.4.15), but that didn't work either.

Thanks,

John

HTH, John *** Please rate all useful posts ***

John Blakley
VIP Alumni

Here's my debug file.

Thanks,

John


Have you enabled Network Extension Mode in the Group Policies on the ASA? It's disabled by default.

Have you allowed Reverse Route Injection for the crypto map in the ASA?
