Tyson,
I did the same config last night as well. What I noticed was that if I map
the crypto ipsec client ezvpn group to the physical interface and then configure
the interface virtual-template, then the Easy VPN does not come up with
this config.
However, when I configure the virtual template first and then attach the crypto
ipsec client ezvpn group to the physical interface, the tunnel comes UP even
without the virtual-interface command under the crypto ipsec client group.
Regards
Sumit Mahla
From: [email protected]
To: [email protected]; [email protected]
Subject: RE: [OSL | CCIE_Security] EZVPN DVTI
Date: Tue, 4 May 2010 17:45:33 -0400
You are missing the virtual-interface under the client ipsec. If you do that
it will work.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
From: [email protected]
[mailto:[email protected]] On Behalf Of Sumit Mahla
Sent: Tuesday, May 04, 2010 3:34 PM
To: [email protected]
Subject: Re: [OSL | CCIE_Security] EZVPN DVTI
The same config for the EZVPN client has worked for me twice.
I actually did some practice for all possible EZVPN client configs and made
a note of all the configs. The config below sometimes works and
sometimes does not.
When I type in crypto ipsec client ezvpn xauth, it says no pending xauth
request,
and sometimes it does work.
From: [email protected]
To: [email protected]
Date: Wed, 5 May 2010 00:46:13 +0530
Subject: [OSL | CCIE_Security] EZVPN DVTI
Hello All,
Can anyone please spot the mistake in the config? I tried to configure
four different EZVPN configs using DVTI on the SERVER and different configs on the
client. Out of these, only one didn't work for me; that's the one given
below.
I kept the SERVER config unaltered; however, for EZVPN client mode, out of 4
the one given below did not work.
Please suggest the mistake.
SERVER

aaa new-model
aaa authentication login EZ-AUTHEN local
aaa authorization network EZ-AUTHOR local
username cisco password 0 cisco
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group EZC
 key ccie
 pool EZP
 acl 110
crypto isakmp profile EZVPN
 match identity group EZC
 client authentication list EZ-AUTHEN
 isakmp authorization list EZ-AUTHOR
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set EZ-SET esp-3des esp-md5-hmac
crypto ipsec profile DVTI
 set transform-set EZ-SET
 set isakmp-profile EZVPN
interface Loopback100
 ip address 100.100.100.1 255.255.255.0
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile DVTI
ip local pool EZP 172.16.0.1 172.16.0.10
access-list 110 permit ip 100.100.100.0 0.0.0.255 any

CLIENT

crypto ipsec client ezvpn ABC
 connect auto
 group EZC key ccie
 local-address FastEthernet0/0
 mode client
 peer 10.10.10.1
 username cisco password cisco
 xauth userid mode interactive
interface Loopback200
 ip address 200.200.200.1 255.255.255.0
 crypto ipsec client ezvpn ABC inside
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 crypto ipsec client ezvpn ABC
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
Regards
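
Added example, not part of the thread: a small Python check for the point raised in Tyson's reply, that the client's crypto ipsec client ezvpn profile has no virtual-interface line tying it to the Virtual-Template. The function names and the trimmed, re-indented sample config are constructed for illustration; the script only inspects configuration text and says nothing about the ordering behaviour Sumit describes.

```python
import re

# Constructed sample: the client config from this thread, trimmed and re-indented.
CLIENT_CFG = """\
crypto ipsec client ezvpn ABC
 connect auto
 group EZC key ccie
 local-address FastEthernet0/0
 mode client
 peer 10.10.10.1
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 crypto ipsec client ezvpn ABC
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
"""

def parse_blocks(cfg):
    """Map each top-level IOS line to the list of indented sub-commands under it."""
    blocks, current = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def check_ezvpn_dvti(cfg):
    """Return findings for ezvpn client profiles not tied to a tunnel Virtual-Template."""
    blocks = parse_blocks(cfg)
    templates = {m.group(1) for h in blocks
                 if (m := re.fullmatch(r"interface Virtual-Template(\d+) type tunnel", h))}
    findings = []
    for header, body in blocks.items():
        prof = re.fullmatch(r"crypto ipsec client ezvpn (\S+)", header)
        if not prof:
            continue  # interface-level "crypto ipsec client ezvpn" lines are sub-commands
        refs = [m for c in body if (m := re.fullmatch(r"virtual-interface(?: (\d+))?", c))]
        if templates and not refs:
            findings.append(f"{prof.group(1)}: no virtual-interface line, Virtual-Template unused")
        for m in refs:
            if m.group(1) and m.group(1) not in templates:
                findings.append(f"{prof.group(1)}: Virtual-Template{m.group(1)} is not defined")
    return findings
```

Calling check_ezvpn_dvti(CLIENT_CFG) returns one finding for profile ABC; adding "virtual-interface 1" under the profile clears it.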