Thanks,
I didnt see it ... I really didnt ... it was the password. Thanks ! (the 16.16.... was misstypo) Thanks! ----- Original Message ----- From: Bruno To: Robert Gridley Cc: [email protected] Sent: Wednesday, January 12, 2011 11:24 AM Subject: Re: [OSL | CCIE_Security] EasyVPN with ISAKMP/IPSEC-Profile Hi Robert, Here some suggestions What about the command "client configuration group Easyvpn"? I am used to use this command with EasyVPN Are you sourcing your tests from the int fa0/1? Are you receiving at least the message to start the xauth authentication (crypto ipsec client ezvpn xauth)? This indicates that half of your config may be right. Since xauth is ike 1.5 phase, your ike 1 phase would have to be completed when you get this message Hope it helps On Wed, Jan 12, 2011 at 6:54 AM, Robert Gridley <[email protected]> wrote: Hi, I need help because I cant get this working: R4(Client)-----------------|ASA no NAT| ------------------- R2 (server) Easy VPN Client (R4): crypto ipsec client ezvpn Easyvpn connect auto group Easyvpn key cisco mode client peer 16.16.4.2 username cisco password cisco xauth userid mode local interface FastEthernet0/0 ip address 12.12.6.4 255.255.255.0 duplex auto speed auto crypto ipsec client ezvpn Easyvpn ! interface FastEthernet0/1 ip address 12.12.12.4 255.255.255.0 duplex auto speed auto crypto ipsec client ezvpn Easyvpn inside __________________________________________ ASA (No NAT): access-list in-outside extended permit esp host 12.12.6.4 host 12.12.4.2 access-list in-outside extended permit udp host 12.12.6.4 host 12.12.4.2 eq isakmp _______________________________________________________________________ R2(Server): aaa authentication login userlist local aaa authentication login LINES line aaa authorization network groupist local crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key cisco address 0.0.0.0 0.0.0.0 crypto isakmp client configuration group Easyvpn key cico domain cisco.com pool ippool acl split save-password crypto isakmp profile easyvpn match identity group Easyvpn client authentication list userlist isakmp authorization list groupist client configuration address respond virtual-template 2 crypto ipsec transform-set myset esp-3des esp-sha-hmac crypto ipsec profile easyvpn set transform-set myset set isakmp-profile easyvpn interface Virtual-Template2 type tunnel ip unnumbered FastEthernet0/0 tunnel source FastEthernet0/0 tunnel mode ipsec ipv4 tunnel protection ipsec profile easyvpn ip local pool ippool 12.12.22.1 12.12.22.5 ip access-list extended split permit ip 192.186.2.0 0.0.0.255 any Does somebody can help me were my failure is ? Thanks, Bobby _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
