07-10-2003 04:45 AM - edited 03-09-2019 03:58 AM
I am using the configurations given in the following link
But i am not able to see the IPSec SAs in the routers.
The output of sh crypto ipsec client ezvpn has the following
CLIENT#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 2
Tunnel name : simplevpn
Inside interface list: FastEthernet0/0,
Outside interface: Serial0/1
Current State: SS_OPEN
Last Event: SOCKET_READY
Mask: 255.255.255.255
Default Domain: cisco.com
I am not finding where i am going wrong......
SERVER#sh run
Building configuration...
Current configuration : 1923 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SERVER
!
logging queue-limit 100
enable password cisco
!
username xxx password xxxx
aaa new-model
!
!
aaa authentication login loginlist local
aaa authorization network loginlist local
aaa session-id common
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group vpngroup
key vpnkey
domain cisco.com
!
!
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
crypto dynamic-map vpnmap 1
set transform-set vpnset
!
!
crypto map vpnmap client authentication list loginlist
crypto map vpnmap isakmp authorization list loginlist
crypto map vpnmap client configuration address respond
crypto map vpnmap 1 ipsec-isakmp dynamic vpnmap
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
controller T1 2/0
framing sf
linecode ami
!
controller T1 2/1
framing sf
linecode ami
!
!
!
interface FastEthernet0/0
ip address xx.xxx.152.221 255.255.255.128
duplex auto
speed auto
crypto map vpnmap
!
interface Serial1/0
no ip address
shutdown
serial restart_delay 0
no fair-queue
!
interface Serial1/1
ip address xxx.xxx.xxx.2 255.255.255.0
serial restart_delay 0
crypto map vpnmap
!
interface Serial1/2
no ip address
shutdown
serial restart_delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart_delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
sh run
Building configuration...
Current configuration : 980 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CLIENT
!
logging queue-limit 100
enable password cisco
!
username cisco password 0 cisco
ip subnet-zero
!
!
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn simplevpn
connect auto
group vpngroup key 0 vpnkey
mode client
peer 100.100.100.2
!
!
!
!
interface FastEthernet0/0
ip address xx.xx.20.1 255.255.255.0
speed auto
crypto ipsec client ezvpn simplevpn inside
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/1
ip address xxx.xxx.xxx.1 255.255.255.0
clockrate 64000
crypto ipsec client ezvpn simplevpn
!
interface ATM1/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
ip classless
no ip http server
no ip http secure-server
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
!
end
-Deepu
07-19-2003 02:22 AM
Hi,
I cannot find any pool under the group in Easy VPN Server. You need to configure a pool for the Easy VPN Server to allocate an IP address to the Easy VPN client.
Also make sure both your LAN and WAN interface in your Easy VPN client is UP and running.
Ravikumar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide