Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Easy VPN tunnel issue

I have 4 - 871's running 12.4(T8) that connect to an ASA running 8.x code utilizing EasyVPN. The problem is that 2 of the 871's connect and pass traffic without issue but the other 2 connect only for about 5 minutes. The configuration are all the same aside from ip's. I'm running the EasyVPN's in network extension mode. The weird thing is that they can pass traffic for about 5 minutes but following that they can not. ISAKMP and IPSEC stay connected and all appears as though it should be working but it doesn't.

871 config.

ip dhcp excluded-address 10.10.106.1

!

ip dhcp pool POOL1

import all

network 10.10.106.0 255.255.255.0

default-router 10.10.106.1

dns-server 10.10.14.51 10.10.14.53

netbios-name-server 10.10.14.10

domain-name microchip.com

lease 3

!

crypto ipsec client ezvpn hw-client

connect auto

group EasyVPNGroup key xxxxxx

mode network-extension

peer x.x.x.x

username mchp_easyvpn password xxxxxx

xauth userid mode local

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address dhcp client-id FastEthernet4

ip virtual-reassembly

duplex auto

speed auto

crypto ipsec client ezvpn hw-client

!

interface Vlan1

description LAN

ip address 10.10.106.1 255.255.255.0

ip tcp adjust-mss 1400

crypto ipsec client ezvpn hw-client inside

ASA: I created an EasyVPNGroup.

group-policy EasyVPNGrpPolicy internal

group-policy EasyVPNGrpPolicy attributes

vpn-simultaneous-logins 10

vpn-idle-timeout none

vpn-session-timeout none

vpn-tunnel-protocol IPSec

password-storage enable

ip-comp disable

re-xauth disable

pfs enable

ipsec-udp disable

ipsec-udp-port 10000

nem enable

no nat's and routes are all setup and working.

Just curious if anyone has had a similiar issues or any thoughts would be appreciated.

1 REPLY
129
Views
0
Helpful
1
Replies