Some more interesting information: If I add a static default route instead of one learned via an IGP it works perfectly. Strange stuff!!! Maybe EZVPN remote just expects and demands that you have a static default route to your ISP.
On Mon, Mar 12, 2012 at 9:29 PM, Joe Astorino <[email protected]> wrote: > I have run into an interesting problem and was wondering if you guys > have seen this before or know why it happens. I have EZVPN remote > configured on a router. This EZVPN remote client has a default route > learned via EIGRP. Everytime I tried to initiated an ezvpn connection > it would immediately fail, saying the IPSEC session was terminated. > "debug crypto isakmp" on the server showed it was passing IKE phase 1 > and the server was sending it an XAUTH request....the client never > responded to that request because it had terminated the session before > the request made it there. > > The interesting things is this: a "debug crypto ipsec client ezvpn" > on the client end reveals immediately after attempting to start the > session: EZVPN(EZVPN): No route to peer 200.0.23.3, resetting the > connection > > 200.0.23.3 in this case is the EZVPN server. Like I said, I have a > default route learned via EIGRP from an upstream device and 200.0.23.3 > is pingable. Now for the real fun -- If I add a host route for > 200.0.23.3, everything works :) Any ideas? > > > -- > Regards, > > Joe Astorino > CCIE #24347 > http://astorinonetworks.com > > "He not busy being born is busy dying" - Dylan -- Regards, Joe Astorino CCIE #24347 http://astorinonetworks.com "He not busy being born is busy dying" - Dylan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
