[OSL | CCIE_Security] Legacy IOS EasyVPN

Sat, 05 Feb 2011 16:51:12 -0800 

Hello all,

I am going through several possible configurations for EasyVPN and I am 
currently trying to configure auto connect with saved password on the client. 
After configuring the server configuration group to allow for clients to save 
their XAUTH password, I am still receiving this error on two separate clients:

*Mar  1 04:44:46.618: EZVPN(ez) Server does not allow save password option,
enter your username and password manually
*Mar  1 04:44:46.622: EZVPN(ez): *** Logic Error ***
*Mar  1 04:44:46.626: EZVPN(ez): Current State: READY
*Mar  1 04:44:46.626: EZVPN(ez): Event: MODE_CONFIG_REPLY
*Mar  1 04:44:46.630: EZVPN(ez): Resetting the EZVPN state machine to 
recover[OK]
R3#
*Mar  1 04:44:46.646: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=  
Group=ezgroup  Client_public_addr=10.123.0.3  Server_public_addr=10.123.0.1

Server configuration looks like this:

username cisco password 0 cisco
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group ezgroup
key cisco
pool ezpool
save-password
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
crypto map clientmap client authentication list xauth
crypto map clientmap isakmp authorization list groupauth
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
ip local pool ezpool 10.1.100.101 10.1.100.105

Client configuration looks like this:

crypto ipsec client ezvpn ez
connect auto
group ezgroup key cisco
mode network-plus
peer 10.123.0.1
username cisco password cisco
xauth userid mode local

Are legacy EasyVPN Remotes (IOS) not allowed to save their XAUTH password? Is 
this reserved for software clients?

Thanks,
___

Nick Montante
Sr. Network / Systems Engineer
CLARKWESTERNTM Building Systems, Inc.
6110 US HWY 129 N
Pendergrass, GA 30567
V   (706) 693-3038
M  (706) 372-6635
CCNA, CCSP, MSCE+S




This communication is the property of CLARKWESTERN Building Systems,Inc. and may
contain confidential or privileged information. Unauthorized use of this 
communication is strictly prohibited and may be unlawful. If you have received 
this communication in error, please immediately notify the sender by reply and 
destroy all copies of the communication and any attachments.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to