This device is trying to start phase1 but the other device is not responding. I guest the other device is the VPN3000. Is the VPN3000 accepting vpnclient at present time or is this a new installation. If the 3000 is working, please post relevant config of the 837.
I will look into that. I was wondering if this could be due to an access list (should be on 837)that needs to allow UDP and ESP as some of the configs suggest? None of the EZVPN configs suggest this, but the L2L do.
I have about 15 soho 91 routers(equivalent to 831) connecting this same way with no problem. The are two differences I see in your config compared to mine, maybe it is just because I am using 12.4 not sure.
On the client under the ezvpn config I have
xauth userid mode local
I have that username configured on the local router.
And my nat statement is referencing my route-map
ip nat inside source route-map EZVPN interface overload
access-list 177 deny ip any
route-map EZVPN permit 10
match ip address 177
Not sure if that will help but it is working for me.
After reviewing the log, your first problem is that the router is not receiving the concentrator packet.
Oct 1 15:29:48.815: ISAKMP:(0:19:HW:2): retransmitting phase 1 AG_INIT_EXCH
Oct 1 15:29:48.815: ISAKMP:(0:19:HW:2): sending packet to XX.XX.XX.XX my_port
500 peer_port 500 (I) AG_INIT_EXCH
Look at these line, you ll fing in your VPN3000 log file something like this
23874 10/02/2006 12:21:43.740 SEV=6 IKE/202 RPT=6774 **Router 837 IP Address**
Duplicate first packet detected. Ignoring packet.
This tells you that the vpn3000 is receiving packet but the 800 router is not receivign the 3000 packets. Fisrt step is to find out if the 3000 can reach the 800 using ICMP. Second, try to open up ACL for UDP port 500. My guess is that the 800 router is droping the inbound isakmp packet.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :