Try to add virtual template on the client and attach it under the EasyVPN remote group configuration.
2011/3/6 Richard Chan <[email protected]> > Hi, > > Does regular Easy VPN Remote work with Easy VPN Server DVTI in NEM? > > The tunnel comes up for a short while and then goes down. > > The client is using regular Easy VPN Remote. > The hub is using Easy VPN Server DVTI. > (If both sides are using DVTI or non-DVTI the tunnel comes up.) > > Client mode: Easy VPN Remote-no DVTI === Easy VPN Server DVTI works > > NEM mode: Easy VPN Remote-no DVTI === Easy VPN Server DVTI; tunnel comes > up then goes down immediately. > > Is this supposed to work at all? > !============ Client Side > crypto ipsec client ezvpn REMOTE > connect acl 200 > group MYGROUP key CISCO123 > mode network-plus > peer 192.168.53.33 > xauth userid mode http-intercept > ! > int fa0/0 > crypto ipsec client ezvpn REMOTE inside > ! > int fa0/1 > crypto ipsec client ezvpn REMOTE > ! > !============= Hub Side > crypto isakmp policy 10 > encr aes 256 > authentication pre-share > group 2 > ! > crypto isakmp client configuration group MYGROUP > key CISCO123 > pool MYPOOL > acl ACL-ANY > ! > crypto isakmp profile MYISAKMP > match identity group MYGROUP > client authentication list MYLOCAL > isakmp authorization list MYLOCAL > client configuration address respond > client configuration group MYGROUP > ! > crypto ipsec transform-set AES_SHA esp-aes esp-sha-hmac > ! > crypto dynamic-map DYNMAP 10 > set transform-set AES_SHA > reverse-route > ! > crypto map STATMAP 60000 ipsec-isakmp dynamic DYNMAP > ! > int Fa0/0 > crypto map STATMAP > ! > > > </section> > > <section><title>Task 3.23: IOS ezVPN Remote: VTI </title> > <para>Both sides VTI, you get any-any proxy networks. > EIGRP is running on both sides interface ViN. Sees a peer across the > tunnel. > </para> > > <programlisting> > !--- Easy VPN Remote VTI > ! > crypto ipsec client ezvpn HW-CLIENT > connect acl 150 > group TASK3.21 key CISCO727 > mode network-plus > peer 136.1.123.3 > virtual-interface 1 > xauth userid mode http-intercept > ! > int fa0/0.11 > crypto ipsec client ezvpn HW-CLIENT inside > ! > int fa0/0.121 > crypto ipsec client ezvpn HW-CLIENT > ! > interface Virtual-Template1 type tunnel > no ip address > tunnel mode ipsec ipv4 > ! > !=========================== Hub side > crypto isakmp policy 10 > encr aes 256 > authentication pre-share > group 2 > ! > crypto isakmp client configuration group TASK3.21 > key CISCO727 > pool POOL-3.21 > acl ACL-3.21 > !--- note used in DVTI > ! > crypto isakmp profile MYPROF-3.21 > match identity group TASK3.21 > client authentication list MYLOCAL > isakmp authorization list MYLOCAL > client configuration address respond > client configuration group TASK3.21 > virtual-template 6 > ! > crypto ipsec transform-set AES_SHA esp-aes esp-sha-hmac > ! > crypto ipsec profile ipsPROF-2 > set transform-set AES_SHA > set reverse-route tag 727 > ! > interface Virtual-Template6 type tunnel > ip unnumbered Loopback100 > tunnel mode ipsec ipv4 > tunnel protection ipsec profile ipsPROF-2 > !--- > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
