EzVPN Client Router Troubleshooting

Unanswered Question
Nov 2nd, 2009

I need to have an IPsec VPN between two SR520 routers. One has a public IP address and one does not, so EzVPN seems to be the choice.

The server router is configured with a zone-based policy firewall. The Cisco software VPN client is working fine with this configuration. But the hardware client, i.e., the other SR520, is not working properly. The VPN tunnel is established, but no traffic can go through the tunnel. The client is configured as:


crypto ipsec client ezvpn mydvtieasyvpn
 connect auto
 group EZVPN_GROUP_1 key xxxxxxxxx
 mode client
 username xxxxxxxxx password xxxxxxx
 xauth userid mode local

sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : mydvtieasyvpn
Inside interface list: BVI100
Outside interface: Vlan1
Current State: IPSEC_ACTIVE
Address: (applied on Loopback10000)
DNS Primary:
Save Password: Allowed
Split Tunnel List: 1
       Address    :
       Mask       :
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Split Tunnel List: 2
       Address    :
       Mask       :
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Current EzVPN Peer:

On the server, 'show cry ips sa' shows packets encrypted or decrypted when pinging from the client. But no packets are decrypted on the client. It seems the server is sending back correctly. Why does the client not receive them? How can I troubleshoot this?

Thanks in advance.

