Folks,
Am I supposed to see a route on the EzVPN client to the network/host that is pushed
with a split ACL?

To be more detailed, the situation is trivial in theory, as usual, but requires
understanding why it doesn't work.

The EzVPN client (router) successfully connects to the peer. The tunnel is up,
except for the fact that I can't reach the remote network from the client (it's
host 2.2.2.2, which is a loopback on the EzVPN server).

The client gets the following parameters:

R4#sh cry ipsec client ez
Easy VPN Remote Phase: 8
Tunnel name : ez
Inside interface list: FastEthernet0/1
Outside interface: FastEthernet0/0
Current State: IPSEC_ACTIVE
Last Event: MTU_CHANGED
Address: 10.10.10.67 (applied on Loopback10000)
Mask: 255.255.255.255
Default Domain: cisco.com
Save Password: Allowed
Split Tunnel List: 1
Address : 2.2.2.2
Mask : 255.255.255.255
Protocol : 0x0
Source Port: 0
Dest Port : 0
Current EzVPN Peer: 192.168.12.2

The only route relevant to the EzVPN setup on the client is this one:

C 10.10.10.67/32 is directly connected, Loopback10000

What I don't understand is why the remote ident in the output below is all 0:

R4#sh cry ipsec sa
interface: FastEthernet0/0
Crypto map tag: FastEthernet0/0-head-0, local addr 192.168.6.4
protected vrf: (none)
local ident (addr/mask/prot/port): (10.10.10.67/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 192.168.12.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

Suggestions, please.

Eugene