Anyone tried this? I have a customer router that was set up for VPN clients, but then the one client decided he wanted faster access, so he got an 827 and I configured it to work peer to peer with a dynamic address on his new 827. Since no one needed client access, I didn't bother to check it still worked, and now they do and it doesn't.
no service pad
service timestamps debug uptime
service timestamps log uptime
aaa authentication login userlist group radius local
aaa authentication login grouplist group radius local
aaa session-id common
enable secret xxxxxxxx
username maclean password xxxxxxxx
username AJBates password xxxxxxxx
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip source-route
no ip domain-lookup
ip inspect name firewall cuseeme
ip inspect name firewall http java-list 1
ip inspect name firewall smtp
ip inspect name firewall tftp
ip inspect name firewall vdolive
ip inspect name firewall h323
ip inspect name firewall realaudio
ip inspect name firewall sqlnet
ip inspect name firewall rtsp
ip inspect name firewall fragment maximum 256 timeout 1
You set the 827 up as an EzVPN client, or as a LAN-to-LAN connection? Looks like the former, in which case you shouldn't have needed to change anything on the customer router, correct? What does the debug show when a client tries to connect in now?
I would remove the "match address 110" from the dynamic crypto map; these always tend to cause more problems than they're worth.