Cisco is fun and interesting and pathetic at the same time (most of the time). keep you guessing.. FNK
On Mon, Mar 12, 2012 at 9:44 PM, Joe Astorino <[email protected]>wrote: > Some more interesting information: If I add a static default route > instead of one learned via an IGP it works perfectly. Strange > stuff!!! Maybe EZVPN remote just expects and demands that you have a > static default route to your ISP. > > On Mon, Mar 12, 2012 at 9:29 PM, Joe Astorino <[email protected]> > wrote: > > I have run into an interesting problem and was wondering if you guys > > have seen this before or know why it happens. I have EZVPN remote > > configured on a router. This EZVPN remote client has a default route > > learned via EIGRP. Everytime I tried to initiated an ezvpn connection > > it would immediately fail, saying the IPSEC session was terminated. > > "debug crypto isakmp" on the server showed it was passing IKE phase 1 > > and the server was sending it an XAUTH request....the client never > > responded to that request because it had terminated the session before > > the request made it there. > > > > The interesting things is this: a "debug crypto ipsec client ezvpn" > > on the client end reveals immediately after attempting to start the > > session: EZVPN(EZVPN): No route to peer 200.0.23.3, resetting the > > connection > > > > 200.0.23.3 in this case is the EZVPN server. Like I said, I have a > > default route learned via EIGRP from an upstream device and 200.0.23.3 > > is pingable. Now for the real fun -- If I add a host route for > > 200.0.23.3, everything works :) Any ideas? > > > > > > -- > > Regards, > > > > Joe Astorino > > CCIE #24347 > > http://astorinonetworks.com > > > > "He not busy being born is busy dying" - Dylan > > > > -- > Regards, > > Joe Astorino > CCIE #24347 > http://astorinonetworks.com > > "He not busy being born is busy dying" - Dylan > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
