cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
712
Views
0
Helpful
6
Replies

ASA5510 as ezvpn server and 877 as ezvpn cleint - problem

afshan_nava
Level 1
Level 1

Hi

i have a 5510 setup behind an 877adsl router which does a static nat for all ports towards the ASA. this ASA is configured as an ezvpn server. i have no problems connecting to it with the software vpn clients. but the problem is when i use another 877adsl router as a ezvpn remote at a branch office. at the ezvpn remote it asks me for the xauth credentials and fails. so i created another group without xauth on the ASA and still VPN tunnel with the hardware client fails saying the commands were delivered to the router but the vpn tunnel failed to establish. pls help if u have any idea on whats happening

thanks

6 Replies 6

Ivan Martinon
Level 7
Level 7

Please gather "debug crypto isakmp 15" on the ASA, and get the following on the router "debug crypto isakmp" "debug crypto ipsec client ezvpn" Post them here.

pls find the attachments for the debugs u requested.

this is for a tunnel without xauth

thanks

afshan

Do me a favor can you post your ASA config?

here u go. i have attached the full config.

Hi martino

i have gone through this again. have u noticed the router debug says "peer does not do paranoid keepalives" before tearing down the connection. does this make any sence to u? i have also observed the VPN connection in QM_IDLE state for about a second before going back to QM_MM state, through the "sh crypto isakmp sa"

Hi guys

can't anyone help me on this?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: