04-22-2009 04:03 AM
Hi
i have a 5510 setup behind an 877adsl router which does a static nat for all ports towards the ASA. this ASA is configured as an ezvpn server. i have no problems connecting to it with the software vpn clients. but the problem is when i use another 877adsl router as a ezvpn remote at a branch office. at the ezvpn remote it asks me for the xauth credentials and fails. so i created another group without xauth on the ASA and still VPN tunnel with the hardware client fails saying the commands were delivered to the router but the vpn tunnel failed to establish. pls help if u have any idea on whats happening
thanks
04-22-2009 09:52 AM
Please gather "debug crypto isakmp 15" on the ASA, and get the following on the router "debug crypto isakmp" "debug crypto ipsec client ezvpn" Post them here.
04-23-2009 04:34 AM
04-23-2009 06:20 AM
Do me a favor can you post your ASA config?
04-23-2009 08:34 AM
04-25-2009 11:00 PM
Hi martino
i have gone through this again. have u noticed the router debug says "peer does not do paranoid keepalives" before tearing down the connection. does this make any sence to u? i have also observed the VPN connection in QM_IDLE state for about a second before going back to QM_MM state, through the "sh crypto isakmp sa"
05-05-2009 09:44 PM
Hi guys
can't anyone help me on this?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: