Hi Robert, Here some suggestions
What about the command "client configuration group Easyvpn"? I am used to use this command with EasyVPN Are you sourcing your tests from the int fa0/1? Are you receiving at least the message to start the xauth authentication (crypto ipsec client ezvpn xauth)? This indicates that half of your config may be right. Since xauth is ike 1.5 phase, your ike 1 phase would have to be completed when you get this message Hope it helps On Wed, Jan 12, 2011 at 6:54 AM, Robert Gridley <[email protected]> wrote: > Hi, > > I need help because I cant get this working: > > R4(Client)-----------------|ASA no NAT| ------------------- R2 (server) > > Easy VPN Client (R4): > > crypto ipsec client ezvpn Easyvpn > connect auto > group Easyvpn key cisco > mode client > peer 16.16.4.2 > username cisco password cisco > xauth userid mode local > interface FastEthernet0/0 > ip address 12.12.6.4 255.255.255.0 > duplex auto > speed auto > crypto ipsec client ezvpn Easyvpn > ! > interface FastEthernet0/1 > ip address 12.12.12.4 255.255.255.0 > duplex auto > speed auto > crypto ipsec client ezvpn Easyvpn inside > __________________________________________ > ASA (No NAT): > access-list in-outside extended permit esp host 12.12.6.4 host 12.12.4.2 > access-list in-outside extended permit udp host 12.12.6.4 host 12.12.4.2 > eq isakmp > _______________________________________________________________________ > R2(Server): > aaa authentication login userlist local > aaa authentication login LINES line > aaa authorization network groupist local > crypto isakmp policy 10 > encr 3des > authentication pre-share > group 2 > crypto isakmp key cisco address 0.0.0.0 0.0.0.0 > > crypto isakmp client configuration group Easyvpn > key cico > domain cisco.com > pool ippool > acl split > save-password > crypto isakmp profile easyvpn > match identity group Easyvpn > client authentication list userlist > isakmp authorization list groupist > client configuration address respond > virtual-template 2 > > crypto ipsec transform-set myset esp-3des esp-sha-hmac > > crypto ipsec profile easyvpn > set transform-set myset > set isakmp-profile easyvpn > interface Virtual-Template2 type tunnel > ip unnumbered FastEthernet0/0 > tunnel source FastEthernet0/0 > tunnel mode ipsec ipv4 > tunnel protection ipsec profile easyvpn > > ip local pool ippool 12.12.22.1 12.12.22.5 > > ip access-list extended split > permit ip 192.186.2.0 0.0.0.255 any > Does somebody can help me were my failure is ? > > > Thanks, > > Bobby > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
