problem in ezvpn

dnagarajachary · ‎07-10-2003

I am using the configurations given in the following link

http://www.cisco.com/en/US/partner/netsol/ns110/ns170/ns171/ns27/networking_solutions_white_paper09186a008018914d.shtml

But i am not able to see the IPSec SAs in the routers.

The output of sh crypto ipsec client ezvpn has the following

CLIENT#sh crypto ipsec client ezvpn

Easy VPN Remote Phase: 2

Tunnel name : simplevpn

Inside interface list: FastEthernet0/0,

Outside interface: Serial0/1

Current State: SS_OPEN

Last Event: SOCKET_READY

Mask: 255.255.255.255

Default Domain: cisco.com

I am not finding where i am going wrong......

SERVER#sh run

Building configuration...

Current configuration : 1923 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SERVER

!

logging queue-limit 100

enable password cisco

!

username xxx password xxxx

aaa new-model

!

aaa authentication login loginlist local

aaa authorization network loginlist local

aaa session-id common

ip subnet-zero

!

ip audit notify log

ip audit po max-events 100

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp xauth timeout 60

!

crypto isakmp client configuration group vpngroup

key vpnkey

domain cisco.com

!

crypto ipsec transform-set vpnset esp-3des esp-sha-hmac

!

crypto dynamic-map vpnmap 1

set transform-set vpnset

!

crypto map vpnmap client authentication list loginlist

crypto map vpnmap isakmp authorization list loginlist

crypto map vpnmap client configuration address respond

crypto map vpnmap 1 ipsec-isakmp dynamic vpnmap

!

no voice hpi capture buffer

no voice hpi capture destination

!

mta receive maximum-recipients 0

!

controller T1 2/0

framing sf

linecode ami

!

controller T1 2/1

framing sf

linecode ami

!

interface FastEthernet0/0

ip address xx.xxx.152.221 255.255.255.128

duplex auto

speed auto

crypto map vpnmap

!

interface Serial1/0

no ip address

shutdown

serial restart_delay 0

no fair-queue

!

interface Serial1/1

ip address xxx.xxx.xxx.2 255.255.255.0

serial restart_delay 0

crypto map vpnmap

!

interface Serial1/2

no ip address

shutdown

serial restart_delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart_delay 0

!

interface FastEthernet2/0

no ip address

shutdown

duplex auto

speed auto

!

ip http server

no ip http secure-server

ip classless

!

radius-server authorization permit missing Service-Type

call rsvp-sync

!

mgcp profile default

!

dial-peer cor custom

!

line con 0

line aux 0

line vty 0 4

!

end

sh run

Building configuration...

Current configuration : 980 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CLIENT

!

logging queue-limit 100

enable password cisco

!

username cisco password 0 cisco

ip subnet-zero

!

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

crypto ipsec client ezvpn simplevpn

connect auto

group vpngroup key 0 vpnkey

mode client

peer 100.100.100.2

!

interface FastEthernet0/0

ip address xx.xx.20.1 255.255.255.0

speed auto

crypto ipsec client ezvpn simplevpn inside

!

interface Serial0/0

no ip address

shutdown

no fair-queue

!

interface Serial0/1

ip address xxx.xxx.xxx.1 255.255.255.0

clockrate 64000

crypto ipsec client ezvpn simplevpn

!

interface ATM1/0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

ip classless

no ip http server

no ip http secure-server

!

line con 0

line aux 0

line vty 0 4

!

no scheduler allocate

!

end

-Deepu

reswaran · ‎07-19-2003

Hi,

I cannot find any pool under the group in Easy VPN Server. You need to configure a pool for the Easy VPN Server to allocate an IP address to the Easy VPN client.

Also make sure both your LAN and WAN interface in your Easy VPN client is UP and running.

Ravikumar