Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

help. ezvpn issues.

ok. we have a UC500 at work on a dynamic ip that never changes. i am attempting to setup an ezvpn connection with an ASA, mainly for use with VOIP. the asa will connect, grab a vpn IP, and seem like it's connected. however, i cannot access resources on the remote network. when i connect with the vpn client on my system, i get full access.

here's my 'show run' because i know you'll want it.

Result of the command: "show run"

: Saved
ASA Version 7.2(4)
hostname asa
enable password [removed] encrypted
passwd [removed] encrypted
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group Verizon
ip address pppoe setroute
interface Vlan3
nameif dmz
security-level 50
ip address
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
no failover
monitor-interface inside
monitor-interface outside
monitor-interface dmz
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group Verizon request dialout pppoe
vpdn group Verizon localname mlwartman
vpdn group Verizon ppp authentication pap
vpdn username mlwartman password ********* store-local
dhcpd auto_config outside
dhcpd option 3 ip
dhcpd address inside
dhcpd enable inside
vpnclient server  [removed]

vpnclient mode client-mode
vpnclient vpngroup EZVPN_GROUP_1 password ********
vpnclient username mlwartman password ********
vpnclient management tunnel
vpnclient enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum: [removed]

: end

i have been banging my head against this for too long, being stuck at this very place. i have been told before that the ezvpn wizard should provide all the connectivity i need to establish a VOIP connection with the UC to support our IP phones, but i can't even get it to provide connectivity to desktops, much less connect the phones to the call manager. please help...

CreatePlease to create content