01-16-2006 08:49 AM - edited 03-09-2019 01:38 PM
Hello all,
Please could someone look over my config below for a 1706 connecting via ADSL to a 3015 VPN Concentrator. I'm having trouble getting the tunnel to initiate - the only error I get is:
EZVPN: User connect request ignored,tunnel hw-client endpoint not ready for request
*Mar 1 01:35:41.603: ISAKMP:isadb_key_addr_delete: no key for address 100.100.100.100 (NULL root)
The config is below and I thought it was relatively straight forward. At this point I'm not debugging the 3015 server because I'm not even getting that far.
Thanks in advance.
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1700
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ip ips po max-events 100
no ftp-server write-enable
!
!
!
crypto ipsec client ezvpn hw-client
connect auto
group hw-client key password
mode network-extension
peer x.x.x.x
!
!
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 10.177.8.14 255.255.255.240
speed auto
crypto ipsec client ezvpn hw-client inside
!
interface Dialer1
description "ADSL Interface"
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname hostname@provider.com
ppp chap password xxxx
crypto ipsec client ezvpn hw-client
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.x.x.x.255.255.240 FastEthernet0
no ip http server
ip http secure-server
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
01-16-2006 10:54 AM
Hello,
from the message "tunnel hw-client endpoint not ready for request" I would assume that the VPN Concentrator configuration is not in place or correct, assuming general connectivity is ok.
Can you check the VPN concentrator or configure it along the guidelines found in
"Configuring the Cisco EzVPN Client on Cisco IOS with the VPN 3000 Concentrator" at
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml
What you also could do is to debug on your router the tunnel setup with
debug crypto ipsec client ezvpn
debug crypto ipsec
debug crypto isakmp
and post the messages obtained.
Hope this helps! Please rate all posts.
Regards, Martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide