I am trying to connect an 871 via EZVPN to a customer ezvpn server. I am told that all is setup correctly at their end.
I have checked the username/password setup several times and gone thru setting up auto connect and acl connect. Either way I get connected for about 10 minutes and then is drops and never comes back until I do a tunnel reset. Am I missnig something.
any ideas would be greatly appreciated before I jump out the window....I am on the first
I hava many 871s as ezvpn clients that connect to an ASA5510 and on a couple of them, I get the same thing.
Im about to open a TAC case but first I want to try out setting up logs and some debugs and see if those shed some light before I take it to cisco.
you could do the same... perhaps is the IOS versio. I remember when I first started deploying all the ezvpn clients, we had a lot of issues with the IOS versions on some of the 871s, especially on the ones that came with the latest versions. That was like 6 months ago.
When I get started doing this troubleshooting, I will compare all those IOS versions on the 871s that never give me a problem with the IOS version on the ones that drop every now and then... Im pretty sure I will find some pattern.
Like I said, on my initial testings, my I had many issues with 871s that had the newest IOS versions....
i have managed to get a connection but it almost seems like the setup does not understand interesting traffic. The ip phone I have sitting there just keeps cycling looking fora server. When I do a Test Tunnel, the phone magically comes up but then goes down again minutes later.
I proved this on many 871s running 12.4.15T8. That is one of the older versions that work better than then new ones, however, 2 of my 871s running that older IOS still dropping the connection, specially the IP phone.
I have already opened a case with Cisco. They are supposed to get back to me on that.
I've also enabled logs and they are saying stuff about the IOS versions, like bugs, but nothing about the EzVPN yet
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...