I am configuring EzVPN using VTI. R1 is the client while R3 is the server. There
is an ASA in between which has an allow any any statement. It is working fine
with Network Extension Mode (without VTI), but when I switched to VTI I can't
bring things up. There are no isakmp debug messages on the router. Attached is
the config.



ALI                                       
Rack1R3#sh run 
Building configuration...

Current configuration : 2352 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack1R3
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization network default local 
!
!
aaa session-id common
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
username cisco password 0 cisco
archive
 log config
  hidekeys
! 
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group IT
 key CISCO
 pool vpn
 acl 101
crypto isakmp profile vpn
   match identity group IT
   client authentication list default
   isakmp authorization list default
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac 
!
crypto ipsec profile vpn
 set transform-set vpn 
 set isakmp-profile vpn
!
!
crypto dynamic-map vpn 10
 set transform-set vpn 
 reverse-route
!
!
crypto map vpn client authentication list default
crypto map vpn isakmp authorization list default
crypto map vpn client configuration address respond
crypto map vpn 10 ipsec-isakmp dynamic vpn 
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 150.1.3.3 255.255.255.0
!
interface FastEthernet0/0
 ip address 136.1.123.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 136.1.23.3 255.255.255.0
 clock rate 64000
!
interface FastEthernet0/1
 ip address 136.1.100.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!         
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vpn
!
router rip
 version 2
 network 136.1.0.0
 network 150.1.0.0
 no auto-summary
!
ip local pool vpn 20.0.0.1 20.0.0.254
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
!
!
!
!         
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 password cisco
!
!
end
Rack1R1#
Rack1R1#sh run 
Building configuration...

Current configuration : 1564 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rack1R1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!         
multilink bundle-name authenticated
!
!
!
!
!
archive
 log config
  hidekeys
! 
!
!
crypto ipsec client ezvpn vpn
 group IT key CISCO
 mode network-plus
 peer 136.1.123.3
 virtual-interface 100
 xauth userid mode http-intercept
!
!
!
ip tcp synwait-time 5
!         
!
!
interface Loopback0
 ip address 150.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 136.1.121.1 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn vpn
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip address 136.1.11.1 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn vpn inside
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Virtual-Template10 
 no ip address
!
interface Virtual-Template100 type tunnel
 no ip address
 tunnel mode ipsec ipv4
!
router rip
 version 2
 network 20.0.0.0
 network 136.1.0.0
 no auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 password cisco
 login    