
PIX to Router EZVPN failure

cerp
Level 1

To all... I have a Cisco 2801 that is acting as an EZVPN server for about 8 PIX 506E's. When initially set up all the PIX's "sync'd" up fine. Now I've lost all my associations and the router isn't answering any Phase 1 requests. I see ISAKMP coming in from the PIX's but when I run a debug on the router looking at ISAKMP and IPSEC I get nothing... any thoughts?

3 Replies

cerp
Level 1

Forgot to add the router is running advipservicesk9-mz.123-14.T2 and the PIX's are 6.3(5) with PDM 3.0(4). Configs are right out of the PIX to IOS Router EZVPN config guide.

ajagadee
Cisco Employee

Jefferey,

Is the crypto map applied to the interface?

Did you change ISP or outside interface IP address, or is your ISP blocking any VPN traffic (UDP port 500, etc.)?

You should at least see some output when you enable isakmp and ipsec debugs. Are you consoled into the router or telnetted when you monitor the debugs? Please provide some additional info if possible.

Regards,

Arul

Crypto map is applied to the interface, no IP changes have occurred. We did suffer a power outage and the router lost its config, but we reloaded and all the PIX's reauthenticated. Checking the router with "show crypto isakmp sa" I see this message XAUTH_CONF. I will see this message only for a few minutes and then nothing, no debug messages, nothing at all. I reboot the router and all my PIX's rebuild their authentications but by the next day they are down again. Are my PIX's somehow getting hung with the XAUTH authentication?
