Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1490
Views
0
Helpful
0
Replies

Cisco EAZYVPN problem

CSCO11724338
Level 1
Level 1

‎04-24-2012 07:19 AM

Hi all,

I have a cisco EasyVPN between cisco 870 and cisco ASA 5510 and have a trouble:

EasyVPN ceased to work...

From the cisco 800 series I see that ISAKmp is up

#show cry isa sa

IPv4 Crypto ISAKMP SA

dst       src        state                       conn-id status

X.X.X.X Y.Y.Y.Y  QM_IDLE                 2050     ACTIVE

X.X.X.X Y.Y.Y.Y  MM_NO_STATE       2049     ACTIVE (deleted)

X.X.X.X Y.Y.Y.Y  MM_NO_STATE       2048     ACTIVE (deleted)

X.X.X.X Y.Y.Y.Y  MM_NO_STATE       2047     ACTIVE (deleted)

but ipsec phase is not established.

#show crypto ipsec sa

interface: Virtual-Access1

    Crypto map tag: Virtual-Access1-head-0, local addr Y.Y.Y.Y

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (Y.Y.Y.Y/255.255.255.192/0/0)

   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

   current_peer X.X.X.X port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 0, #recv errors 0

002272: Apr 24 17:38:29.391 VRN: EZVPN(EZVPN_CLIENT): New State: CONNECT_REQUIRED

002273: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Current State: CONNECT_REQUIRED

002274: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Event: CONNECT

002275: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): ezvpn_connect_request

002276: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Found valid peer X.X.X.X

002277: Apr 24 17:38:29.395 VRN: EzVPN(EZVPN_CLIENT): Max number of connection attempts made to X.X.X.X

, connecting to next peer

002278: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): ezvpn_close

002279: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted 0.0.0.0 0.0.0.0 via Virtual-Access1 in IP DEFAULT TABLE

002280: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): nulling context

002281: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Deleted PSK for address X.X.X.X

002282: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): No Connect ACL checking status change

002283: Apr 24 17:38:29.395 VRN: EzVPN: Local Traffic Feature Deleted

002284: Apr 24 17:38:29.395 VRN: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=<omitted>Group<omitted>Server_public_addr=X.X.X.X

002285: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Deleted PSK for address X.X.X.X

002286: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): New active peer is X.X.X.X

002287: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Ready to connect to peer X.X.X.X

002288: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Attempting to connect to peer X.X.X.X

002289: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Added PSK for address X.X.X.X

002290: Apr 24 17:38:29.395 VRN: EzVPN(EZVPN_CLIENT): sleep jitter delay 1679

002291: Apr 24 17:38:31.075 VRN: EZVPN: Static route change notify tableid 0, event DOWN, destination X.X.X.X gateway 0.0.0.0, interface Dialer1

002292: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted X.X.X.X 255.255.255.255 via 0.0.0.0,Dialer1 in IP DEFAULT TABLE

002293: Apr 24 17:38:31.075 VRN: EZVPN: Static route change notify tableid 0, event UP, destination X.X.X.X, gateway 0.0.0.0, interface Dialer1

002294: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): VPN Route Added X.X.X.X 255.255.255.255 via 0.0.0.0,Dialer1 in IP DEFAULT TABLE

002295: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): New State: READY

002296: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002297: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): Event: CONNECT

002298: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): No state change

002299: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002300: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Event: IKE_PFS

002301: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): No state change

002302: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002303: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Event: CONN_UP

002304: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): ezvpn_conn_up 6548E586 3D665C22 53A25C20 F12F5F68

002305: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): No state change

002306: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002307: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_REQUEST

002308: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_xauth_request

002309: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_parse_xauth_msg

002310: Apr 24 17:38:31.155 VRN: EZVPN: Attributes sent in xauth request message:

002311: Apr 24 17:38:31.155 VRN:         XAUTH_TYPE_V2(EZVPN_CLIENT): 0

002312: Apr 24 17:38:31.155 VRN:         XAUTH_USER_NAME_V2(EZVPN_CLIENT):

002313: Apr 24 17:38:31.155 VRN:         XAUTH_USER_PASSWORD_V2(EZVPN_CLIENT):

002314: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): send saved username<omitted>and password <omitted>

002315: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): New State: XAUTH_REQ

002316: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Current State: XAUTH_REQ

002317: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_REQ_INFO_READY

002318: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_xauth_reply

002319: Apr 24 17:38:31.155 VRN:         XAUTH_TYPE_V2(EZVPN_CLIENT): 0

002320: Apr 24 17:38:31.155 VRN:         XAUTH_USER_NAME_V2(EZVPN_CLIENT):<omitted>

002321: Apr 24 17:38:31.155 VRN:         XAUTH_USER_PASSWORD_V2(EZVPN_CLIENT): <omitted>

002322: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): New State: XAUTH_REPLIED

002323: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): Current State: XAUTH_REPLIED

002324: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_STATUS

002325: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): xauth status received: Success

002326: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): New State: READY

002327: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): Current State: READY

002328: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): Event: MODE_CONFIG_REPLY

002329: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted 0.0.0.0 0.0.0.0 via Virtual-Access1 in IP DEFAULT TABLE 6548E586 3D665C22 53A25C20 F12F5F68 6548E586 3D665C22 53A25C20 F12F5F68 6548E586 3D665C22 53A25C20 F12F5F68

002330: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): ezvpn_parse_mode_config_msg

002331: Apr 24 17:38:31.267 VRN: EZVPN: Attributes sent in message:

002332: Apr 24 17:38:31.267 VRN:         DNS Primary: X.X.X.X

002333: Apr 24 17:38:31.267 VRN:         DNS Secondary: X.X.X.X

002334: Apr 24 17:38:31.267 VRN:         Savepwd on

002335: Apr 24 17:38:31.267 VRN:         Default Domain: nodomain

002336: Apr 24 17:38:31.267 VRN:         Enabling PFS with group: 2

002337: Apr 24 17:38:31.267 VRN: EZVPN: Unknown/Unsupported Attr: APPLICATION_VERSION (0x7)

002338: Apr 24 17:38:31.271 VRN: EZVPN(EZVPN_CLIENT): ezvpn_mode_config

002339: Apr 24 17:38:31.271 VRN: EZVPN(EZVPN_CLIENT): New State: SS_OPEN

002340: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN

002341: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY

002342: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): No state change

002343: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN

002344: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY

002345: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): No state change

002346: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN

002347: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY

002348: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): No state change

#show crypto ipsec client ezvpn

Easy VPN Remote Phase: 8

Tunnel name : EZVPN_CLIENT

Inside interface list: Vlan1, Vlan3

Outside interface: Virtual-Access1 (bound to Dialer1)

Current State: SS_OPEN

Last Event: SOCKET_READY

DNS Primary: X.X.X.X

DNS Secondary: X.X.X.X

Default Domain: nodomain

Using PFS Group: 2

Save Password: Allowed

Current EzVPN Peer: X.X.X.X

_____________________

From ASA side i see

155 IKE Peer: X.X.X.X

    Type    : user            Role    : responder

    Rekey   : no              State   : AM_TM_INIT_MODECFG_V6H

Anybody knows what is the AM_TM_INIT_MODECFG_V6H state???? ANd what's the problem with this? Provider give me PPPoE

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents