I have run into an interesting problem and was wondering if you guys have seen this before or know why it happens. I have EZVPN remote configured on a router. This EZVPN remote client has a default route learned via EIGRP. Every time I tried to initiate an EZVPN connection it would immediately fail, saying the IPSEC session was terminated. "debug crypto isakmp" on the server showed it was passing IKE phase 1 and the server was sending it an XAUTH request... the client never responded to that request because it had terminated the session before the request made it there.
The interesting thing is this: a "debug crypto ipsec client ezvpn" on the client end reveals, immediately after attempting to start the session:

EZVPN(EZVPN): No route to peer 200.0.23.3, resetting the connection

200.0.23.3 in this case is the EZVPN server. Like I said, I have a default route learned via EIGRP from an upstream device and 200.0.23.3 is pingable. Now for the real fun -- If I add a host route for 200.0.23.3, everything works :) Any ideas?

--
Regards,
Joe Astorino
CCIE #24347
http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
