Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX to Router EZVPN failure

To all...I have a Cisco 2801 that is acting as an EZVPN server for about 8 PIX 506E's. When initially set up all the PIX's "sync'd" up fine. Now I've lost all my associations and the router isnt asnswering any Phase 1 requests. I see ISKMP coming in from the PIX's but when I run a debug on the router looking at ISAKMP and IPSEC I get nothing..any thoughts?

Community Member

Re: PIX to Router EZVPN failure

Forgot to add the router is running advipservicesk9-mz.123-14.T2 and the PIX's are 6.3(5) with PDM 3.0(4). Configs are right out of the PIX to IOS Router EZVPN config guide.

Cisco Employee

Re: PIX to Router EZVPN failure


Is the crypto map applied to the interface.

Did you change ISP, outside interface IP Address or is your ISP Blocking any VPN Traffic (UDP Port 500, etc).

You should atleast see some outputs when you enable isakmp and ipsec debugs. Are you consoled into the router or telnetted when you monitor the debugs. Please provide some additional info if possible.



Community Member

Re: PIX to Router EZVPN failure

Crypto map is applied to the interface, no ip changes have occured. We did suffer a power outage and the router lost its config, but we reloaded and all the PIX's reauthenticated. Checking the router with "show crypto isakmp sa" I see this message XAUTH_CONF. I will see this message only for a few minutes and then nothing, no debug messages, nothing at all. I reboot the router and all my PIX's rebuild their authentications but by the next day they are down again. Are my PIX's somehow getting hung with the XAUTH authentication?

CreatePlease to create content