871W EasyVPN Issues

Unanswered Question
Jul 8th, 2010
User Badges:

It's starting to feel like EasyVPN is not soo easy after all.

I'm having problems getting my 871 to connect to our ASA EasyVPN server in network-extension-mode with xauth userid mode local.When I do a 'sh crypto isa sa' I see the ISAKMP state listed as 'CONF_XAUTH'. If I do a 'sh crypto ipsec client ezvpn' I see the connection listed as  ready.

Also when I see EasyVPN connection down message, there is no user listed.

Any ideas?

Attached a debug output of 'debug crypto isakmp'

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcin Latosiewicz Thu, 07/08/2010 - 13:52
User Badges:
  • Cisco Employee,


Without further debugs/configs hard to say ... password storage or NEM not being enable on ASA side COULD be the reason.


Robert Juric Thu, 07/08/2010 - 14:17
User Badges:

I think I've solved the issue by applying 'isakmp ikev1-user-authentication none' to the tunnel-group ipsec-attributes on the ASA. I will have to verify that this fixed it on Monday.

Robert Juric Fri, 07/09/2010 - 06:46
User Badges:

For an update, the above mentioned fix has resolved the issue without negatively affecting existing tunnels.



This Discussion