EzVPN Client Router Troubleshooting

Unanswered Question
Nov 2nd, 2009

Hi,

I need to have an IPSec VPN between two SR520 routers. One has a public IP address and one does not, so EzVPN seems to be the choice.

The server router is configured with a zone-based policy firewall. The Cisco software VPN client is working fine with this configuration. But the hardware client, i.e., the other SR520, is not working properly. The VPN tunnel is established, but no traffic can go through the tunnel. The client is configured as:

---

crypto ipsec client ezvpn mydvtieasyvpn
 connect auto
 group EZVPN_GROUP_1 key xxxxxxxxx
 mode client
 peer 203.109.203.212
 username xxxxxxxxx password xxxxxxx
 xauth userid mode local
!

---

sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8
Tunnel name : mydvtieasyvpn
Inside interface list: BVI100
Outside interface: Vlan1
Current State: IPSEC_ACTIVE
Last Event: MTU_CHANGED
Address: 10.100.100.118 (applied on Loopback10000)
Mask: 255.255.255.255
DNS Primary: 10.1.1.30
Save Password: Allowed
Split Tunnel List: 1
       Address : 10.1.1.0
       Mask : 255.255.255.0
       Protocol : 0x0
       Source Port: 0
       Dest Port : 0
Split Tunnel List: 2
       Address : 10.10.1.0
       Mask : 255.255.255.0
       Protocol : 0x0
       Source Port: 0
       Dest Port : 0
Current EzVPN Peer: 203.109.203.212

On the server, 'show cry ips sa' shows packets encrypted or decrypted when pinging from the client. But no packets are decrypted on the client. It seems the server is sending back correctly. Why does the client not receive them? How can I troubleshoot this?

Thanks in advance.

W
