ASA doesn't support IPSec by default. Have you allowed ISAKMP and ESP on the inbound ACL configured on the outside interface connected to the Server.
With regards Kings On Wed, Jan 12, 2011 at 2:24 PM, Robert Gridley <[email protected]> wrote: > Hi, > > I need help because I cant get this working: > > R4(Client)-----------------|ASA no NAT| ------------------- R2 (server) > > Easy VPN Client (R4): > > crypto ipsec client ezvpn Easyvpn > connect auto > group Easyvpn key cisco > mode client > peer 16.16.4.2 > username cisco password cisco > xauth userid mode local > interface FastEthernet0/0 > ip address 12.12.6.4 255.255.255.0 > duplex auto > speed auto > crypto ipsec client ezvpn Easyvpn > ! > interface FastEthernet0/1 > ip address 12.12.12.4 255.255.255.0 > duplex auto > speed auto > crypto ipsec client ezvpn Easyvpn inside > __________________________________________ > ASA (No NAT): > access-list in-outside extended permit esp host 12.12.6.4 host 12.12.4.2 > access-list in-outside extended permit udp host 12.12.6.4 host 12.12.4.2 > eq isakmp > _______________________________________________________________________ > R2(Server): > aaa authentication login userlist local > aaa authentication login LINES line > aaa authorization network groupist local > crypto isakmp policy 10 > encr 3des > authentication pre-share > group 2 > crypto isakmp key cisco address 0.0.0.0 0.0.0.0 > > crypto isakmp client configuration group Easyvpn > key cico > domain cisco.com > pool ippool > acl split > save-password > crypto isakmp profile easyvpn > match identity group Easyvpn > client authentication list userlist > isakmp authorization list groupist > client configuration address respond > virtual-template 2 > > crypto ipsec transform-set myset esp-3des esp-sha-hmac > > crypto ipsec profile easyvpn > set transform-set myset > set isakmp-profile easyvpn > interface Virtual-Template2 type tunnel > ip unnumbered FastEthernet0/0 > tunnel source FastEthernet0/0 > tunnel mode ipsec ipv4 > tunnel protection ipsec profile easyvpn > > ip local pool ippool 12.12.22.1 12.12.22.5 > > ip access-list extended split > permit ip 192.186.2.0 0.0.0.255 any > Does somebody can help me were my failure is ? > > > Thanks, > > Bobby > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
