I have two 1811 routers, one acting as an Easy VPN server and the other acting as an Easy VPN Remote. After configuring the remote, I can test the tunnel from the remote end via SDM. It prompts for the Xauth user and password, establishes the tunnel and passes the test. After that, the tunnel is up and the two LANS communicate as expected.
When I reset the connection from the remote side, via SDM, it again prompts for the XAuth user and password; but does not establish the tunnel--claiming a XAuth problem. If I then "test" the tunnel, via SDM, it does the XAuth prompt and successfully establishes the tunnel. That's the first problem.....
But, the most confusing part of this is that I cannot seem to make the server/remote VPN routers login automatically. I have configured the easy VPN group on the server for "Save Password" and configured the Remote end to perform auto connect with router-saved Xauth credentials. But, I'm always prompted for the XAuth credentials -regardless of whether I do a reset or a test.
So, is the SDM reset tunnel function broken? And, any ideas about how to get auto login w/o user intervention working?
BTW, Easy VPN is configured w/ shared-key. The server is configured w/"aaa new-model" but credentials are stored locally (no aaa servers). Remote end is still configured w/"no aaa new-model"...mostly because the Easy VPN wizard didn't prompt me to enable aaa and I've heard that, its possible to lock yourself out of the router if you screw up the aaa enable process.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...