Hi, Does regular Easy VPN Remote work with Easy VPN Server DVTI in NEM?
The tunnel comes up for a short while and then goes down. The client is using regular Easy VPN Remote. The hub is using Easy VPN Server DVTI. (If both sides are using DVTI or non-DVTI the tunnel comes up.) Client mode: Easy VPN Remote-no DVTI === Easy VPN Server DVTI works NEM mode: Easy VPN Remote-no DVTI === Easy VPN Server DVTI; tunnel comes up then goes down immediately. Is this supposed to work at all? !============ Client Side crypto ipsec client ezvpn REMOTE connect acl 200 group MYGROUP key CISCO123 mode network-plus peer 192.168.53.33 xauth userid mode http-intercept ! int fa0/0 crypto ipsec client ezvpn REMOTE inside ! int fa0/1 crypto ipsec client ezvpn REMOTE ! !============= Hub Side crypto isakmp policy 10 encr aes 256 authentication pre-share group 2 ! crypto isakmp client configuration group MYGROUP key CISCO123 pool MYPOOL acl ACL-ANY ! crypto isakmp profile MYISAKMP match identity group MYGROUP client authentication list MYLOCAL isakmp authorization list MYLOCAL client configuration address respond client configuration group MYGROUP ! crypto ipsec transform-set AES_SHA esp-aes esp-sha-hmac ! crypto dynamic-map DYNMAP 10 set transform-set AES_SHA reverse-route ! crypto map STATMAP 60000 ipsec-isakmp dynamic DYNMAP ! int Fa0/0 crypto map STATMAP ! </section> <section><title>Task 3.23: IOS ezVPN Remote: VTI </title> <para>Both sides VTI, you get any-any proxy networks. EIGRP is running on both sides interface ViN. Sees a peer across the tunnel. </para> <programlisting> !--- Easy VPN Remote VTI ! crypto ipsec client ezvpn HW-CLIENT connect acl 150 group TASK3.21 key CISCO727 mode network-plus peer 136.1.123.3 virtual-interface 1 xauth userid mode http-intercept ! int fa0/0.11 crypto ipsec client ezvpn HW-CLIENT inside ! int fa0/0.121 crypto ipsec client ezvpn HW-CLIENT ! interface Virtual-Template1 type tunnel no ip address tunnel mode ipsec ipv4 ! !=========================== Hub side crypto isakmp policy 10 encr aes 256 authentication pre-share group 2 ! crypto isakmp client configuration group TASK3.21 key CISCO727 pool POOL-3.21 acl ACL-3.21 !--- note used in DVTI ! crypto isakmp profile MYPROF-3.21 match identity group TASK3.21 client authentication list MYLOCAL isakmp authorization list MYLOCAL client configuration address respond client configuration group TASK3.21 virtual-template 6 ! crypto ipsec transform-set AES_SHA esp-aes esp-sha-hmac ! crypto ipsec profile ipsPROF-2 set transform-set AES_SHA set reverse-route tag 727 ! interface Virtual-Template6 type tunnel ip unnumbered Loopback100 tunnel mode ipsec ipv4 tunnel protection ipsec profile ipsPROF-2 !---
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
