06-11-2007 06:28 AM - edited 02-21-2020 03:06 PM
Hi friends,
I am stuck with an Easy VPN issue. The VPN is between a Cisco 877 IOS 12.4(11)T2 acting as an Easy VPN client and the Cisco VPN Concentrator 3015 Ver 4.1.7 as the VPN server.
The tunnel comes up successfully. The following is the output of:
show crypto ipsec client ezvpn 1721
Easy VPN Remote Phase: 6
Tunnel name : 1721
Inside interface list: BVI1
Outside interface: Dialer0
Current State: IPSEC_ACTIVE
Last Event: MTU_CHANGED
Address: 207.x.243.139 (applied on Loopback10000)
Mask: 255.255.255.255
DNS Primary: 207.x.241.11
DNS Secondary: 207.x.241.76
Save Password: Allowed
Current EzVPN Peer: xxx
THe VPN concentrator has been configured to tunnel everything. Now all traffic to Internet also must go through the VPN concentrator but it goes directly to the ISP cloud and bypasses the tunnel. So, internet works but bypassing the tunnel.
The tunnel though up is unable to send traffic through it.
I am also enclosing the running configuration of the problemmatic 877 router.
Additionally, with the same configuration on another 1721 router, it works. So, i believe that the problem lies only on the
877 router (EasyVPN client) and not the VPN server (VPN Concentrator 3015)
I am also enclosing the running configuration of the working 1721 router.
Looking forward to your inputs on this.
Thanks a lot
Gautam
06-13-2007 08:31 AM
Hi friends,
I am sorry if i was not clear enough in my previous post.
To make it simple, i would like to know if anyone of you have configured 877 router successfully as an Easy VPN client. If yes, i would like to get the config from you. You could take off the sensitive details like IP addresses, passwords etc and share it with me.
I will compare them with mine and figure out the gap.
Thanks a lot
Gautam
06-22-2007 08:58 PM
Hi Gautam -
My initial thoughts is this command:
xauth userid mode local
which is present on the 877 but not the 1721 might be causing the issue.
Tell me more how you are using that command.
Here's a link to a sample IOS configuration:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml
thxs
peter
06-27-2007 04:46 AM
hi.
ive never actually used easy vpn config instead i make mine myself to connect to a router at the other end...
but .. shouldnt there be a match ACL# command be there where you define the peer in the crypto map..???
to tell which traffic should go through the tunnel..???
07-07-2007 03:06 PM
Hi,
I have the same problem using a PIX 7.0(1) as EasyVPN Server and Router 871 ADVIPSERVICESK9-M, Version 12.4(9)T1 as easyVPN remote client.
But it works between the same PIX and a router 2600 12.4(8).
I used the following link as reference http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: