×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco EAZYVPN problem

Unanswered Question
Apr 24th, 2012
User Badges:

Hi all,


I have a cisco EasyVPN between cisco 870 and cisco ASA 5510 and have a trouble:


EasyVPN ceased to work...


From the cisco 800 series I see that ISAKmp is up


#show cry isa sa

IPv4 Crypto ISAKMP SA

dst       src        state                       conn-id status

X.X.X.X Y.Y.Y.Y  QM_IDLE                 2050     ACTIVE

X.X.X.X Y.Y.Y.Y  MM_NO_STATE       2049     ACTIVE (deleted)

X.X.X.X Y.Y.Y.Y  MM_NO_STATE       2048     ACTIVE (deleted)

X.X.X.X Y.Y.Y.Y  MM_NO_STATE       2047     ACTIVE (deleted)


but ipsec phase is not established.


#show crypto ipsec sa


interface: Virtual-Access1

    Crypto map tag: Virtual-Access1-head-0, local addr Y.Y.Y.Y


   protected vrf: (none)

   local  ident (addr/mask/prot/port): (Y.Y.Y.Y/255.255.255.192/0/0)

   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

   current_peer X.X.X.X port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 0, #recv errors 0


002272: Apr 24 17:38:29.391 VRN: EZVPN(EZVPN_CLIENT): New State: CONNECT_REQUIRED

002273: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Current State: CONNECT_REQUIRED

002274: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Event: CONNECT

002275: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): ezvpn_connect_request

002276: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Found valid peer X.X.X.X

002277: Apr 24 17:38:29.395 VRN: EzVPN(EZVPN_CLIENT): Max number of connection attempts made to X.X.X.X

, connecting to next peer

002278: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): ezvpn_close

002279: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted 0.0.0.0 0.0.0.0 via Virtual-Access1 in IP DEFAULT TABLE

002280: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): nulling context

002281: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Deleted PSK for address X.X.X.X


002282: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): No Connect ACL checking status change

002283: Apr 24 17:38:29.395 VRN: EzVPN: Local Traffic Feature Deleted

002284: Apr 24 17:38:29.395 VRN: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=<omitted>Group<omitted>Server_public_addr=X.X.X.X


002285: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Deleted PSK for address X.X.X.X


002286: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): New active peer is X.X.X.X

002287: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Ready to connect to peer X.X.X.X

002288: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Attempting to connect to peer X.X.X.X

002289: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Added PSK for address X.X.X.X


002290: Apr 24 17:38:29.395 VRN: EzVPN(EZVPN_CLIENT): sleep jitter delay 1679

002291: Apr 24 17:38:31.075 VRN: EZVPN: Static route change notify tableid 0, event DOWN, destination X.X.X.X gateway 0.0.0.0, interface Dialer1

002292: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted X.X.X.X 255.255.255.255 via 0.0.0.0,Dialer1 in IP DEFAULT TABLE

002293: Apr 24 17:38:31.075 VRN: EZVPN: Static route change notify tableid 0, event UP, destination X.X.X.X, gateway 0.0.0.0, interface Dialer1

002294: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): VPN Route Added X.X.X.X 255.255.255.255 via 0.0.0.0,Dialer1 in IP DEFAULT TABLE

002295: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): New State: READY

002296: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002297: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): Event: CONNECT

002298: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): No state change

002299: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002300: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Event: IKE_PFS

002301: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): No state change

002302: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002303: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Event: CONN_UP

002304: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): ezvpn_conn_up 6548E586 3D665C22 53A25C20 F12F5F68


002305: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): No state change

002306: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002307: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_REQUEST

002308: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_xauth_request

002309: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_parse_xauth_msg

002310: Apr 24 17:38:31.155 VRN: EZVPN: Attributes sent in xauth request message:

002311: Apr 24 17:38:31.155 VRN:         XAUTH_TYPE_V2(EZVPN_CLIENT): 0

002312: Apr 24 17:38:31.155 VRN:         XAUTH_USER_NAME_V2(EZVPN_CLIENT):

002313: Apr 24 17:38:31.155 VRN:         XAUTH_USER_PASSWORD_V2(EZVPN_CLIENT):

002314: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): send saved username<omitted>and password <omitted>

002315: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): New State: XAUTH_REQ

002316: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Current State: XAUTH_REQ

002317: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_REQ_INFO_READY

002318: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_xauth_reply

002319: Apr 24 17:38:31.155 VRN:         XAUTH_TYPE_V2(EZVPN_CLIENT): 0

002320: Apr 24 17:38:31.155 VRN:         XAUTH_USER_NAME_V2(EZVPN_CLIENT):<omitted>

002321: Apr 24 17:38:31.155 VRN:         XAUTH_USER_PASSWORD_V2(EZVPN_CLIENT): <omitted>

002322: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): New State: XAUTH_REPLIED

002323: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): Current State: XAUTH_REPLIED

002324: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_STATUS

002325: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): xauth status received: Success

002326: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): New State: READY

002327: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002328: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): Event: MODE_CONFIG_REPLY

002329: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted 0.0.0.0 0.0.0.0 via Virtual-Access1 in IP DEFAULT TABLE 6548E586 3D665C22 53A25C20 F12F5F68 6548E586 3D665C22 53A25C20 F12F5F68 6548E586 3D665C22 53A25C20 F12F5F68

002330: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): ezvpn_parse_mode_config_msg

002331: Apr 24 17:38:31.267 VRN: EZVPN: Attributes sent in message:

002332: Apr 24 17:38:31.267 VRN:         DNS Primary: X.X.X.X

002333: Apr 24 17:38:31.267 VRN:         DNS Secondary: X.X.X.X

002334: Apr 24 17:38:31.267 VRN:         Savepwd on

002335: Apr 24 17:38:31.267 VRN:         Default Domain: nodomain

002336: Apr 24 17:38:31.267 VRN:         Enabling PFS with group: 2

002337: Apr 24 17:38:31.267 VRN: EZVPN: Unknown/Unsupported Attr: APPLICATION_VERSION (0x7)

002338: Apr 24 17:38:31.271 VRN: EZVPN(EZVPN_CLIENT): ezvpn_mode_config

002339: Apr 24 17:38:31.271 VRN: EZVPN(EZVPN_CLIENT): New State: SS_OPEN

002340: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN

002341: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY

002342: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): No state change

002343: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN

002344: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY

002345: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): No state change

002346: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN


002347: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY

002348: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): No state change




#show crypto ipsec client ezvpn

Easy VPN Remote Phase: 8


Tunnel name : EZVPN_CLIENT

Inside interface list: Vlan1, Vlan3

Outside interface: Virtual-Access1 (bound to Dialer1)

Current State: SS_OPEN

Last Event: SOCKET_READY

DNS Primary: X.X.X.X

DNS Secondary: X.X.X.X

Default Domain: nodomain

Using PFS Group: 2

Save Password: Allowed

Current EzVPN Peer: X.X.X.X



_____________________




From ASA side i see


155 IKE Peer: X.X.X.X

    Type    : user            Role    : responder

    Rekey   : no              State   : AM_TM_INIT_MODECFG_V6H



Anybody knows what is the AM_TM_INIT_MODECFG_V6H state???? ANd what's the problem with this? Provider give me PPPoE

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion