Dear Experts,
reference to old post :-EasyVPN with ISAKMP/IPSEC-Profile, I did the same
setup:-
R4(Client)-----------------|ASA no NAT| ------------------- R2 (server)
Configuration works fine if i didn't use a virtual-interface in crypto ipsec
client group EZVPN in client side.
as follow:-
crypto ipsec client ezvpn EZVPN
connect auto
group easyvpn key cisco
mode client
peer 8.8.4.2
xauth userid mode interactive
interface Loopback0
ip address 172.16.4.4 255.255.255.0
crypto ipsec client ezvpn EZVPN inside
interface FastEthernet0/0
ip address 8.8.6.4 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn EZVPN
with above configuration , client get assigned ip address from the pool server
and be able to ping IPs behind server.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Once I configure a virtual-template and add it to ipsec client configuration,
it
doesn't work at all
crypto ipsec client ezvpn EZVPN
connect auto
group easyvpn key cisco
mode client
peer 8.8.4.2
virtual-interface 2
xauth userid mode interactive
interface Virtual-Template2 type tunnel
no ip address
tunnel mode ipsec ipv4
with same interface configuration part:-
interface Loopback0
ip address 172.16.4.4 255.255.255.0
crypto ipsec client ezvpn EZVPN inside
int f0/0
crypto ipsec client ezvpn EZVPN outside
Client kept reporting the following log:-
*Mar 18 14:03:48.695: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:03:49.775: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:03:51.643: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:03:53.283: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:03:54.431: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:03:56.307: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:03:58.095: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:03:59.907: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
*Mar 18 14:04:01.303: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=
Group=easyvpn Server_public_addr=8.8.4.2
R4# show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
8.8.4.2 8.8.6.4 CONF_XAUTH 1031 ACTIVE
8.8.4.2 8.8.6.4 MM_NO_STATE 1030 ACTIVE (deleted)
8.8.4.2 8.8.6.4 MM_NO_STATE 1029 ACTIVE (deleted)
8.8.4.2 8.8.6.4 MM_NO_STATE 1028 ACTIVE (deleted)
8.8.4.2 8.8.6.4 MM_NO_STATE 1027 ACTIVE (deleted)
8.8.4.2 8.8.6.4 MM_NO_STATE 1026 ACTIVE (deleted)
R4#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 8
Tunnel name : EZVPN
Inside interface list: Loopback0
Outside interface: Virtual-Access2 (bound to FastEthernet0/0)
Current State: CONNECT_REQUIRED
Last Event: CONNECT
Save Password: Disallowed
Current EzVPN Peer: 8.8.4.2
>From Server side:-
R2#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
8.8.4.2 8.8.6.4 CONF_XAUTH 1235 ACTIVE
8.8.4.2 8.8.6.4 MM_NO_STATE 1234 ACTIVE (deleted)
8.8.4.2 8.8.6.4 MM_NO_STATE 1233 ACTIVE (deleted)
Can you assist me in this case, what i am missing in my config.?
do you I have to follow a sequence of configuration to make it work?
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
