ASA5510 as ezvpn server and 877 as ezvpn cleint - problem

Unanswered Question
Apr 22nd, 2009
User Badges:


i have a 5510 setup behind an 877adsl router which does a static nat for all ports towards the ASA. this ASA is configured as an ezvpn server. i have no problems connecting to it with the software vpn clients. but the problem is when i use another 877adsl router as a ezvpn remote at a branch office. at the ezvpn remote it asks me for the xauth credentials and fails. so i created another group without xauth on the ASA and still VPN tunnel with the hardware client fails saying the commands were delivered to the router but the vpn tunnel failed to establish. pls help if u have any idea on whats happening


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Wed, 04/22/2009 - 09:52
User Badges:
  • Cisco Employee,

Please gather "debug crypto isakmp 15" on the ASA, and get the following on the router "debug crypto isakmp" "debug crypto ipsec client ezvpn" Post them here.

afshan_nava Sat, 04/25/2009 - 23:00
User Badges:

Hi martino

i have gone through this again. have u noticed the router debug says "peer does not do paranoid keepalives" before tearing down the connection. does this make any sence to u? i have also observed the VPN connection in QM_IDLE state for about a second before going back to QM_MM state, through the "sh crypto isakmp sa"


This Discussion