Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

crypto ipsec client ezvpn - connect auto command Question

here are my configs

crypto ipsec client ezvpn ezvpn

connect auto

group ezvpn key xxxxxxxx

mode network-extension

peer xxxxxxxxxxxx

acl 101

username xxxxxxxxx password xxxxxxxxxxxxxx

xauth userid mode local

Now, I am a little confused about the "connect auto" command. We have a server built behind this router SiteA that our middleware server at Site B communicates with at night over the VPN tunnel. We have been having problems where at night when the Middleware server tries to communicate with the server it is unable too intiate the ezvpn tunnel on the router and build the vpn tunnel. What we find is in the morning we have to logon to the server and ping out from Site A to intiate the VPN tunnel. Does this seem right? My thought was the connect auto command specifies the VPN tunnel to automatically connect?

As a test we build a ping request on the Server at Site A towards Site B to create interesting traffic and let it run. We did not experience the VPN tunnel drops as before.

So my question is, isn't "connect auto" supposed to prevent this from happening by always keeping the VPN tunnel up?

Second queston is, "crypto isakmp keepalive 30 20 periodic" required to prevent this instead vs the connect auto?

I read the cisco documenation and it makes sense to me, but I wanted someone else's viewpoint or explanation to this.

5 REPLIES
Bronze

Re: crypto ipsec client ezvpn - connect auto command Question

The connect auto command has to be given under the crypto ipsec client ezvpn. For example look at the configuration in the link

crypto ipsec client ezvpn china

connect auto

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008032b637.shtml

New Member

Re: crypto ipsec client ezvpn - connect auto command Question

Thank you for your response, however it already is under the crypto ipsec client ezvpn. Thanks for you reply.

New Member

Re: crypto ipsec client ezvpn - connect auto command Question

I believe with connect auto and the username/password specified you should not be specifying "xauth userid mode..." at all. Do a no on that command and try it again.

New Member

Re: crypto ipsec client ezvpn - connect auto command Question

Thank you for responding but from reading cisco's documentation, if I remove this then I have to manually enter in a username password which I don't want. It should use the stored username password in the crypto ezvpn client configs

interactive <---this is the default

To authenticate, the user must use the command-line interface (CLI) prompts on the console. Interactive is the default behavior

Re: crypto ipsec client ezvpn - connect auto command Question

I think you should look at your ezvpn server.

Do you have on ezvpn server an option that permits users in group "ezvpn" to store their passwords?

1448
Views
0
Helpful
5
Replies
CreatePlease to create content