871W EasyVPN Issues

Unanswered Question
Jul 8th, 2010

It's starting to feel like EasyVPN is not soo easy after all.

I'm having problems getting my 871 to connect to our ASA EasyVPN server in network-extension-mode with xauth userid mode local.When I do a 'sh crypto isa sa' I see the ISAKMP state listed as 'CONF_XAUTH'. If I do a 'sh crypto ipsec client ezvpn' I see the connection listed as  ready.

Also when I see EasyVPN connection down message, there is no user listed.

Any ideas?

Attached a debug output of 'debug crypto isakmp'

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcin Latosiewicz Thu, 07/08/2010 - 13:52


Without further debugs/configs hard to say ... password storage or NEM not being enable on ASA side COULD be the reason.


Robert Juric Thu, 07/08/2010 - 14:17

I think I've solved the issue by applying 'isakmp ikev1-user-authentication none' to the tunnel-group ipsec-attributes on the ASA. I will have to verify that this fixed it on Monday.

Robert Juric Fri, 07/09/2010 - 06:46

For an update, the above mentioned fix has resolved the issue without negatively affecting existing tunnels.



This Discussion