You are missing the virtual-interface under the client ipsec. If you do that it will work.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Sumit Mahla Sent: Tuesday, May 04, 2010 3:34 PM To: [email protected] Subject: Re: [OSL | CCIE_Security] EZVPN DVTI The same config for EZVPN Client has worked for me twice... i actually did some practice for all possible EZVPN client config's... and did a note of all config's.... The below configured config some time works... and some time not....... when i type in crypto ipsec client ezvpn xauth....... it says no pendoing xauth request... and some time it does work.... _____ From: [email protected] To: [email protected] Date: Wed, 5 May 2010 00:46:13 +0530 Subject: [OSL | CCIE_Security] EZVPN DVTI Hello All, Can any one please spot the mistake in the config.... ? I tried to configure four different ezvpn config using DVTI on SERVER and different config's on client...... out of these only one didn't worked for me.... that's given below... i kept the SERVER config unaltered... however for EZVPN client mode out of 4 the one given below did not worked... Please suggest the mistake... SERVER aaa new-model aaa authentication login EZ-AUTHEN local aaa authorization network EZ-AUTHOR local username cisco password 0 cisco crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp keepalive 10 ! crypto isakmp client configuration group EZC key ccie pool EZP acl 110 crypto isakmp profile EZVPN match identity group EZC client authentication list EZ-AUTHEN isakmp authorization list EZ-AUTHOR client configuration address respond virtual-template 1 ! crypto ipsec transform-set EZ-SET esp-3des esp-md5-hmac crypto ipsec profile DVTI set transform-set EZ-SET set isakmp-profile EZVPN interface Loopback100 ip address 100.100.100.1 255.255.255.0 interface FastEthernet0/0 ip address 10.10.10.1 255.255.255.0 interface Virtual-Template1 type tunnel ip unnumbered FastEthernet0/0 tunnel source FastEthernet0/0 tunnel mode ipsec ipv4 tunnel protection ipsec profile DVTI ip local pool EZP 172.16.0.1 172.16.0.10 access-list 110 permit ip 100.100.100.0 0.0.0.255 any CLIENT -à crypto ipsec client ezvpn ABC connect auto group EZC key ccie local-address FastEthernet0/0 mode client peer 10.10.10.1 username cisco password cisco xauth userid mode interactive interface Loopback200 ip address 200.200.200.1 255.255.255.0 crypto ipsec client ezvpn ABC inside interface FastEthernet0/0 ip address 10.10.10.2 255.255.255.0 crypto ipsec client ezvpn ABC interface Virtual-Template1 type tunnel no ip address tunnel mode ipsec ipv4 Regards _____ All the post budget analysis and implications Sign up now. <http://news.in.msn.com/moneyspecial/budget2010/> _____ All the post budget analysis and implications Sign up <http://news.in.msn.com/moneyspecial/budget2010/> now.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
