Hi all, I have a simple L2L setup where I am practicing EZVPN server/client configuration. I made two loopbacks on each router, R1 and R2 respectively. I am facing a problem bringing up the tunnel. There is no IPS or ASA in between!
Can you please help?

CONFIG R1 (EZVPN SERVER)
=====================
aaa new-model
!
aaa authentication login default local
aaa authorization network default local
!
aaa session-id common
memory-size iomem 5
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group ezvpn
 key cisco
 dns 4.2.2.2
 wins 4.2.2.2
 domain cisco.com
 pool IP-POOL
 acl 101
 netmask 255.255.255.0
crypto isakmp profile ISAKMP_PROFILE
   match identity group ezvpn
   isakmp authorization list default
   client configuration address respond
   virtual-template 1
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
crypto ipsec profile IPSEC_PROFILE
 set transform-set TSET
 set isakmp-profile ISAKMP_PROFILE
!
username cisco password 0 systems
archive
 log config
  hidekeys
!
interface Loopback0
 description LAN Network - subnet A -
 ip address 1.1.1.1 255.255.255.0
!
interface Loopback100
 ip address 101.101.101.101 255.255.255.255
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description WAN Link (R1->R2)
 ip address 100.1.1.1 255.255.255.0
 ip ospf network point-to-multipoint
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel source FastEthernet0/0
 tunnel destination 100.1.1.2
 tunnel mode ipsec ipv4
!
router eigrp 12
 network 1.1.1.1 0.0.0.0
 network 172.16.0.0
 no auto-summary
!
router ospf 12
 log-adjacency-changes
 network 100.1.1.1 0.0.0.0 area 0
 network 101.101.101.101 0.0.0.0 area 0
!
ip local pool IP-POOL 172.16.1.1 172.16.1.254
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 1.1.1.0 0.0.0.255 any
!
control-plane
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 logging synchronous
!
end
R1#

OUTPUTS:
===========
R1#sh crypto engine connections active
Crypto Engine Connections

   ID Interface            Type  Algorithm           Encrypt  Decrypt IP-Address

R1#
R1#sh crypto isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status

IPv6 Crypto ISAKMP SA

R1#sh cry ipsec sa
No SAs found
R1#

R2 (Remote/Client end router)
=======================
I am getting the following messages on the console with logging console 7 (AAA is disabled on this router):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*Mar  1 00:25:12.995: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=ezvpn  Client_public_addr=100.1.1.2  Server_public_addr=100.1.1.1
*Mar  1 00:26:14.415: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=ezvpn  Client_public_addr=100.1.1.2  Server_public_addr=100.1.1.1
*Mar  1 00:27:15.635: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=ezvpn  Client_public_addr=100.1.1.2  Server_public_addr=100.1.1.1
*Mar  1 00:28:17.195: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=ezvpn  Client_public_addr=100.1.1.2  Server_public_addr=100.1.1.1
*Mar  1 00:29:18.887: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=ezvpn  Client_public_addr=100.1.1.2  Server_public_addr=100.1.1.1
*Mar  1 00:30:20.511: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=ezvpn  Client_public_addr=100.1.1.2  Server_public_addr=100.1.1.1
*Mar  1 00:31:21.895: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  Group=ezvpn  Client_public_addr=100.1.1.2  Server_public_addr=100.1.1.1

Here is the config:
=================
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec client ezvpn ezvpn
 connect auto
 group ezvpn key cisco
 local-address FastEthernet0/0
 mode client
 peer 100.1.1.1
 xauth userid mode interactive
!
username cisco password 0 systems
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
 crypto ipsec client ezvpn ezvpn inside
!
interface Loopback200
 ip address 202.202.202.202 255.255.255.255
 ip ospf network point-to-point
!
interface FastEthernet0/0
 ip address 100.1.1.2 255.255.255.0
 ip virtual-reassembly
 ip ospf network point-to-multipoint
 duplex auto
 speed auto
 crypto ipsec client ezvpn ezvpn
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
!
router eigrp 12
 network 2.2.2.2 0.0.0.0
 network 172.16.0.0
 no auto-summary
!
router ospf 12
 log-adjacency-changes
 network 100.1.1.2 0.0.0.0 area 0
 network 202.202.202.202 0.0.0.0 area 0
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
R2#

regards,
Kamran ~ waiting for experts' inputs
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
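Added example, not part of Kamran's post or of any IPexpert material: a small Python lint that parses the posted R1 configuration and cross-checks its crypto objects against one another, which is the static pass worth doing before reaching for `debug crypto isakmp`. Two of its findings are visible in the configuration above: `crypto ipsec profile IPSEC_PROFILE` is defined but no interface carries a `tunnel protection ipsec profile IPSEC_PROFILE` line (the Virtual-Template1 stanza has `tunnel mode ipsec ipv4` only, so the IPsec profile, transform set and ISAKMP profile chain is never bound to the virtual-access interfaces), and the pre-shared key is bound to `0.0.0.0 0.0.0.0`, so any host that can reach 100.1.1.1 may open an IKE exchange against it. Whether the missing binding alone accounts for the EZVPN_CONNECTION_DOWN messages is not something the posted output settles; the `show` commands on R1 only confirm that no SA of either phase exists. The embedded config excerpt is copied from the post; the check names, message wording and ERROR/WARN levels are this example's own.

```python
import re

# Constructed excerpt of the R1 (EZVPN server) config from the post above, one IOS
# command per line with sub-commands indented, as the router prints them.
SERVER_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp client configuration group ezvpn
 key cisco
 pool IP-POOL
 acl 101
crypto isakmp profile ISAKMP_PROFILE
   match identity group ezvpn
   isakmp authorization list default
   client configuration address respond
   virtual-template 1
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
crypto ipsec profile IPSEC_PROFILE
 set transform-set TSET
 set isakmp-profile ISAKMP_PROFILE
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel source FastEthernet0/0
 tunnel destination 100.1.1.2
 tunnel mode ipsec ipv4
ip local pool IP-POOL 172.16.1.1 172.16.1.254
access-list 101 permit ip 1.1.1.0 0.0.0.255 any
"""


def parse_ios(text):
    """Split an IOS config into (header, [sub-commands]) stanzas; '!' lines are skipped."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and stanzas:      # indented: belongs to the last header
            stanzas[-1][1].append(line.strip())
        elif not line[0].isspace():            # column 0: opens a new stanza
            stanzas.append((line.strip(), []))
    return stanzas


def lint_ezvpn_server(text):
    """Cross-reference the crypto objects of an EZVPN/DVTI server config; return findings."""
    stanzas = parse_ios(text)
    findings = []
    ipsec_profiles = {h.split()[3]: b for h, b in stanzas if h.startswith("crypto ipsec profile ")}
    isakmp_profiles = {h.split()[3]: b for h, b in stanzas if h.startswith("crypto isakmp profile ")}
    interfaces = {h.split()[1]: b for h, b in stanzas if h.startswith("interface ")}
    pools = {h.split()[3] for h, _ in stanzas if h.startswith("ip local pool ")}
    acls = {h.split()[1] for h, _ in stanzas if h.startswith("access-list ")}

    # 1. An IPsec profile does nothing until an interface binds it with tunnel protection.
    applied = set()
    for body in interfaces.values():
        applied |= {c.split()[-1] for c in body if c.startswith("tunnel protection ipsec profile ")}
    for name in sorted(set(ipsec_profiles) - applied):
        findings.append(f"ERROR: crypto ipsec profile {name} is defined but no interface applies it "
                        f"('tunnel protection ipsec profile {name}')")

    # 2. The ipsec profile's isakmp-profile reference must resolve to a defined profile.
    for name, body in ipsec_profiles.items():
        for ref in (c.split()[-1] for c in body if c.startswith("set isakmp-profile ")):
            if ref not in isakmp_profiles:
                findings.append(f"ERROR: ipsec profile {name} references undefined isakmp profile {ref}")

    # 3. An isakmp profile that hands clients to a virtual-template needs a usable DVTI behind it.
    for pname, body in isakmp_profiles.items():
        for vt in ("Virtual-Template" + c.split()[-1] for c in body if c.startswith("virtual-template ")):
            vbody = interfaces.get(vt)
            if vbody is None:
                findings.append(f"ERROR: isakmp profile {pname} names {vt}, which is not configured")
                continue
            if "tunnel mode ipsec ipv4" not in vbody:
                findings.append(f"ERROR: {vt} lacks 'tunnel mode ipsec ipv4'")
            if not any(c.startswith("tunnel protection ipsec profile ") for c in vbody):
                findings.append(f"ERROR: {vt} (used by isakmp profile {pname}) has no 'tunnel protection "
                                "ipsec profile' line, so the virtual-access interfaces it spawns never get IPsec")

    # 4. The client group must hand out a pool and a split-tunnel ACL that actually exist.
    for h, body in stanzas:
        if h.startswith("crypto isakmp client configuration group "):
            for kind, ref in (c.split(None, 1) for c in body if c.startswith(("pool ", "acl "))):
                if (kind == "pool" and ref not in pools) or (kind == "acl" and ref not in acls):
                    findings.append(f"ERROR: group {h.split()[-1]} uses undefined {kind} {ref}")

    # 5. A pre-shared key bound to 0.0.0.0 0.0.0.0 is offered to any address that starts IKE.
    if any(re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0 0\.0\.0\.0", h) for h, _ in stanzas):
        findings.append("WARN: pre-shared key is bound to 0.0.0.0 0.0.0.0, so any source address "
                        "can attempt IKE with it; scope it to the expected peers")
    return findings
```

Call `lint_ezvpn_server(SERVER_CONFIG)` to get the findings for the posted config, or feed it the text of `show running-config` from another server. Replacing the `tunnel destination` line under Virtual-Template1 with `tunnel protection ipsec profile IPSEC_PROFILE` clears both ERROR findings and leaves only the wildcard-key warning. The lint stops at static cross-references on purpose: it cannot say whether IKE phase 1 actually completes, which is what `show crypto isakmp sa` and `debug crypto isakmp` on both ends answer.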
