Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy VPN issue

Hi friends,

I am stuck with an Easy VPN issue. The VPN is between a Cisco 877 IOS 12.4(11)T2 acting as an Easy VPN client and the Cisco VPN Concentrator 3015 Ver 4.1.7 as the VPN server.

The tunnel comes up successfully. The following is the output of:

show crypto ipsec client ezvpn 1721

Easy VPN Remote Phase: 6

Tunnel name : 1721

Inside interface list: BVI1

Outside interface: Dialer0

Current State: IPSEC_ACTIVE


Address: 207.x.243.139 (applied on Loopback10000)


DNS Primary: 207.x.241.11

DNS Secondary: 207.x.241.76

Save Password: Allowed

Current EzVPN Peer: xxx

THe VPN concentrator has been configured to tunnel everything. Now all traffic to Internet also must go through the VPN concentrator but it goes directly to the ISP cloud and bypasses the tunnel. So, internet works but bypassing the tunnel.

The tunnel though up is unable to send traffic through it.

I am also enclosing the running configuration of the problemmatic 877 router.

Additionally, with the same configuration on another 1721 router, it works. So, i believe that the problem lies only on the

877 router (EasyVPN client) and not the VPN server (VPN Concentrator 3015)

I am also enclosing the running configuration of the working 1721 router.

Looking forward to your inputs on this.

Thanks a lot


New Member

Re: Easy VPN issue

Hi friends,

I am sorry if i was not clear enough in my previous post.

To make it simple, i would like to know if anyone of you have configured 877 router successfully as an Easy VPN client. If yes, i would like to get the config from you. You could take off the sensitive details like IP addresses, passwords etc and share it with me.

I will compare them with mine and figure out the gap.

Thanks a lot


Cisco Employee

Re: Easy VPN issue

Hi Gautam -

My initial thoughts is this command:

xauth userid mode local

which is present on the 877 but not the 1721 might be causing the issue.

Tell me more how you are using that command.

Here's a link to a sample IOS configuration:



New Member

Re: Easy VPN issue


ive never actually used easy vpn config instead i make mine myself to connect to a router at the other end...

but .. shouldnt there be a match ACL# command be there where you define the peer in the crypto map..???

to tell which traffic should go through the tunnel..???

New Member

Re: Easy VPN issue


I have the same problem using a PIX 7.0(1) as EasyVPN Server and Router 871 ADVIPSERVICESK9-M, Version 12.4(9)T1 as easyVPN remote client.

But it works between the same PIX and a router 2600 12.4(8).

I used the following link as reference