Nick,
I am sorry for not responding to this. I read it and got distracted by something else and forgot to come back to it. I think this was already mentioned but the only thing that I think could cause the problem was if the aaa authorization and authentication list was missing. Your configuration looks good beyond that aaa new-model aaa authentication login xauth local aaa authorization network groupauth local Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Nick Montante Sent: Saturday, February 05, 2011 5:56 PM To: [email protected] Subject: [OSL | CCIE_Security] Legacy IOS EasyVPN Hello all, I am going through several possible configurations for EasyVPN and I am currently trying to configure auto connect with saved password on the client. After configuring the server configuration group to allow for clients to save their XAUTH password, I am still receiving this error on two separate clients: *Mar 1 04:44:46.618: EZVPN(ez) Server does not allow save password option, enter your username and password manually *Mar 1 04:44:46.622: EZVPN(ez): *** Logic Error *** *Mar 1 04:44:46.626: EZVPN(ez): Current State: READY *Mar 1 04:44:46.626: EZVPN(ez): Event: MODE_CONFIG_REPLY *Mar 1 04:44:46.630: EZVPN(ez): Resetting the EZVPN state machine to recover[OK] R3# *Mar 1 04:44:46.646: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User= Group=ezgroup Client_public_addr=10.123.0.3 Server_public_addr=10.123.0.1 Server configuration looks like this: username cisco password 0 cisco ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group ezgroup key cisco pool ezpool save-password ! crypto ipsec transform-set myset esp-3des esp-sha-hmac ! crypto dynamic-map dynmap 10 set transform-set myset ! crypto map clientmap client authentication list xauth crypto map clientmap isakmp authorization list groupauth crypto map clientmap 10 ipsec-isakmp dynamic dynmap ! ip local pool ezpool 10.1.100.101 10.1.100.105 Client configuration looks like this: crypto ipsec client ezvpn ez connect auto group ezgroup key cisco mode network-plus peer 10.123.0.1 username cisco password cisco xauth userid mode local Are legacy EasyVPN Remotes (IOS) not allowed to save their XAUTH password? Is this reserved for software clients? Thanks, ___ Nick Montante Sr. Network / Systems Engineer CLARKWESTERNTM Building Systems, Inc. 6110 US HWY 129 N Pendergrass, GA 30567 V (706) 693-3038 M (706) 372-6635 CCNA, CCSP, MSCE+S This communication is the property of CLARKWESTERN Building Systems,Inc. and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply and destroy all copies of the communication and any attachments.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
