cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1692
Views
0
Helpful
5
Replies

EasyVPN client issue

Robert Juric
Level 1
Level 1

I've configured my EasyVPN server on an ASA 5505. I've got a PIX firewall acting as the remote client. The client is attempting to connect, however when I do a "sh crypto isakmp sa" on the server I see the state listed as "AM_TM_INIT_XAUTH_V6H". I've been unable to find much help for this on google. Any ideas the meaning of that state? I have 3 other remote clients connected without any problems.

Robert

5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

You would need to enter in the xauth (extended authentication) manually for this remote site.

Have you configured the following yet:

vpnclient username   password

vpnclient connect

Otherwise, please kindly share config from PIX remote which is not working, and 1 other remote site which works.

Yes I have those lines configured. I've attached the configs from a working PIX and the PIX I'm having problems with.

The PIX I'm having problems with is acting very strange. When I do a 'sh crypto isakmp sa' it says something like "Error: Cannot configure IKE or IPSEC while Easy VPN is enabled."

Thanks for that.

The only difference that I can see between the good and the bad PIX is the software version. The good one is running version 6.3.5, while the bad one runs 6.3.4. As far as configuration is concern, both good and bad ones look correct.

You might want to upgrade the bad one to version 6.3.5 as well.

I think this was actually related to the fact that the bad PIX had a restricted license and couldn't comply with the 3DES transform set.

I ended up bypassing by creating a site-to-site tunnel with a single DES transform set and it worked fine. I might go back later and see if I can set multiple transform sets to the dynamic map or if I can have multiple dynamic maps for legacy devices.

Good to hear it's working now.

Yes, you can definitely set multiple transform sets and assign it to your dynamic map. That is what most people do.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: