[OSL | CCIE_Security] EZVPN DVTI

Tue, 04 May 2010 12:16:19 -0700 

Hello All,

 

 

Can any one please spot the mistake in the config.... ? I tried to configure 
four different ezvpn config using DVTI on SERVER and different config's on 
client...... out of these only one didn't worked for me.... that's given 
below...

 

i kept the SERVER config unaltered... however for EZVPN client mode out of 4 
the one given below did not worked...

 

 

 

 

Please suggest the mistake...

 

 

 

 

SERVER
aaa new-model
aaa authentication login EZ-AUTHEN local
aaa authorization network EZ-AUTHOR local
username cisco password 0 cisco
crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group EZC
    key ccie
    pool EZP
    acl 110               
crypto isakmp profile EZVPN
    match identity group EZC
    client authentication list EZ-AUTHEN
    isakmp authorization list EZ-AUTHOR
    client configuration address respond
    virtual-template 1
!
crypto ipsec transform-set EZ-SET esp-3des esp-md5-hmac
crypto ipsec profile DVTI
    set transform-set EZ-SET
    set isakmp-profile EZVPN
 
interface Loopback100
    ip address 100.100.100.1 255.255.255.0
interface FastEthernet0/0
    ip address 10.10.10.1 255.255.255.0
interface Virtual-Template1 type tunnel
    ip unnumbered FastEthernet0/0
    tunnel source FastEthernet0/0
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile DVTI
ip local pool EZP 172.16.0.1 172.16.0.10
access-list 110 permit ip 100.100.100.0 0.0.0.255 any
 
 
 
 
 
CLIENT -à 
crypto ipsec client ezvpn ABC
    connect auto
    group EZC key ccie
    local-address FastEthernet0/0
    mode client
    peer 10.10.10.1
    username cisco password cisco             
    xauth userid mode interactive                             
interface Loopback200
   ip address 200.200.200.1 255.255.255.0
   crypto ipsec client ezvpn ABC inside
interface FastEthernet0/0
   ip address 10.10.10.2 255.255.255.0
   crypto ipsec client ezvpn ABC
 
interface Virtual-Template1 type tunnel
    no ip address
    tunnel mode ipsec ipv4
 
 

 

 

Regards

 

 
                                          
_________________________________________________________________
Catch the latest in the world of fashion
http://lifestyle.in.msn.com/
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to