Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1434
Views
0
Helpful
1
Replies

1700 EZVPN to 3015 Help please

jason.scott
Level 1
Level 1

‎01-16-2006 08:49 AM - edited ‎03-09-2019 01:38 PM

Hello all,

Please could someone look over my config below for a 1706 connecting via ADSL to a 3015 VPN Concentrator. I'm having trouble getting the tunnel to initiate - the only error I get is:

EZVPN: User connect request ignored,tunnel hw-client endpoint not ready for request

*Mar 1 01:35:41.603: ISAKMP:isadb_key_addr_delete: no key for address 100.100.100.100 (NULL root)

The config is below and I thought it was relatively straight forward. At this point I'm not debugging the 3015 server because I'm not even getting that far.

Thanks in advance.

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 1700

!

boot-start-marker

boot-end-marker

!

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

!

ip cef

ip ips po max-events 100

no ftp-server write-enable

!

!

!

crypto ipsec client ezvpn hw-client

connect auto

group hw-client key password

mode network-extension

peer x.x.x.x

!

!

!

interface ATM0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

dsl operating-mode auto

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface BRI0

no ip address

shutdown

!

interface FastEthernet0

ip address 10.177.8.14 255.255.255.240

speed auto

crypto ipsec client ezvpn hw-client inside

!

interface Dialer1

description "ADSL Interface"

ip address dhcp

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname hostname@provider.com

ppp chap password xxxx

crypto ipsec client ezvpn hw-client

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 10.x.x.x.255.255.240 FastEthernet0

no ip http server

ip http secure-server

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

end

Labels:
0 Helpful
1 Reply 1

mheusinger
Level 10
Level 10

‎01-16-2006 10:54 AM

Hello,

from the message "tunnel hw-client endpoint not ready for request" I would assume that the VPN Concentrator configuration is not in place or correct, assuming general connectivity is ok.

Can you check the VPN concentrator or configure it along the guidelines found in

"Configuring the Cisco EzVPN Client on Cisco IOS with the VPN 3000 Concentrator" at

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml

What you also could do is to debug on your router the tunnel setup with

debug crypto ipsec client ezvpn

debug crypto ipsec

debug crypto isakmp

and post the messages obtained.

Hope this helps! Please rate all posts.

Regards, Martin

0 Helpful
Customers Also Viewed These Support Documents