Route learnt from any source should work. You should make sure that, the router in between who is generating the route using IGP should have a route to the server.
Were you able to ping from client to the server using that those routes when you were not able to connect? With regards Kings On Tue, Mar 13, 2012 at 7:14 AM, Joe Astorino <[email protected]>wrote: > Some more interesting information: If I add a static default route > instead of one learned via an IGP it works perfectly. Strange > stuff!!! Maybe EZVPN remote just expects and demands that you have a > static default route to your ISP. > > On Mon, Mar 12, 2012 at 9:29 PM, Joe Astorino <[email protected]> > wrote: > > I have run into an interesting problem and was wondering if you guys > > have seen this before or know why it happens. I have EZVPN remote > > configured on a router. This EZVPN remote client has a default route > > learned via EIGRP. Everytime I tried to initiated an ezvpn connection > > it would immediately fail, saying the IPSEC session was terminated. > > "debug crypto isakmp" on the server showed it was passing IKE phase 1 > > and the server was sending it an XAUTH request....the client never > > responded to that request because it had terminated the session before > > the request made it there. > > > > The interesting things is this: a "debug crypto ipsec client ezvpn" > > on the client end reveals immediately after attempting to start the > > session: EZVPN(EZVPN): No route to peer 200.0.23.3, resetting the > > connection > > > > 200.0.23.3 in this case is the EZVPN server. Like I said, I have a > > default route learned via EIGRP from an upstream device and 200.0.23.3 > > is pingable. Now for the real fun -- If I add a host route for > > 200.0.23.3, everything works :) Any ideas? > > > > > > -- > > Regards, > > > > Joe Astorino > > CCIE #24347 > > http://astorinonetworks.com > > > > "He not busy being born is busy dying" - Dylan > > > > -- > Regards, > > Joe Astorino > CCIE #24347 > http://astorinonetworks.com > > "He not busy being born is busy dying" - Dylan > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
