I am setting up an EzVPN connection from an 1811 router to my ASA 5540. I have everything set up and working properly with the exception of xauth.
I haven't had this problem with my VPN concentrator, and the configurations on the client side are identical.
Is there a way to not use xauth? I can't have my users logging into the router and typing in the command to log in via xauth every time their tunnel drops. I need to make this as seamless as I possibly can to the end user.
Setting up the xauth to local and defining a user/pw worked great! Thanks for the help.
But I'm having another issue; there is definitely something wrong with my configuration.
The tunnel is up and active, and from my internal network I can ping the remote default-gateway, but I cannot ping the host on the other side of the default gateway. I have checked routing on my cores and the VPN ASA. I can see the correct network range from the ASA as well:
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 10, local addr: 192.168.20.11
local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
I was an idiot, I had my NAT wrong on the VPN client router. I was allowing all communication sourced from the remote network to be NAT'd (worked well for internet access) but it was also NAT'ing the traffic destined to the VPN tunnel.
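The NAT mistake described in the last post, shown as an added IOS configuration sketch that is not part of the original thread or the poster's actual config. The remote LAN 192.168.50.0/24, ACL number 101 and outside interface FastEthernet0 are constructed placeholders; 10.0.0.0/8 is the protected network shown in the ASA output above.

```cisco
! --- Before: overload ACL matches everything sourced from the remote LAN ---
! Packets bound for 10.0.0.0/8 are translated to the outside address
! before the crypto check, so they no longer match the tunnel's
! protected-traffic selectors and never reach hosts behind the head end.
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0 overload

! --- After: exempt tunnel-bound traffic, translate the rest ---
! The deny entry must come first: ACL entries are evaluated top-down,
! and a deny in a NAT ACL means "do not translate", not "drop".
no access-list 101
access-list 101 deny   ip 192.168.50.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0 overload

! --- Checks after the change ---
! clear ip nat translation *      (flush stale entries built by the old ACL)
! show ip nat translations        (no entries with a 10.x.x.x destination)
! show crypto ipsec sa            (encaps/decaps counters rise during a ping)
```

Keeping the exemption as narrow as the tunnel's protected networks avoids sending untranslated private-address traffic toward the internet-facing interface.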