03-13-2013 11:02 AM - edited 03-04-2019 07:16 PM
Hi everyone, we're having an issue with a few of our routers that mobile users use to remote access VPN into. These routers are also DMVPN spokes.
Basically I have two isakmp policies and ipsec policies as below:
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
!
crypto isakmp key ABC address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 30 5 periodic
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set TS1 esp-3des esp-md5-hmac
 mode transport
!
Until this morning, all of the spoke routers on DMVPN were having major issues where they would try to talk to one another but fail due to a CONF_XAUTH error. Once I added the no-xauth keyword at the end of crypto isakmp key, all started working well without any issues. However, since then, our remote access VPN clients are no longer working. If I remove no-xauth, remote access clients start working but DMVPN starts to flap.
Any ideas?
03-13-2013 11:14 AM
I think you can use isakmp profiles to split the keyring for the remote access and the one that is for dmvpn.
Best
Hope it helps
03-13-2013 06:48 PM
Thanks Enrique. I was able to resolve the issue by following steps on this link
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801eafcb.shtml
03-13-2013 08:20 PM
Glad to know it's working fine now
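The split suggested in the accepted answer, sketched as an added IOS configuration example that is not part of the thread and not copied from the linked Cisco document. All names (DMVPN-KEYS, DMVPN-PROF, RA-PROF, RA-GROUP, RA-AUTHEN, RA-AUTHOR, RA-POOL, RA-DYN, RA-MAP, DMVPN-IPSEC) and the angle-bracket values are placeholders, and the pairing of TS1 with DMVPN and myset with remote access is an assumption.

```cisco
! Added example: hypothetical names and <placeholders> throughout.
! Assumes aaa new-model is already enabled for the existing remote access setup.
aaa authentication login RA-AUTHEN local
aaa authorization network RA-AUTHOR local
ip local pool RA-POOL <first-address> <last-address>
!
! The DMVPN pre-shared key moves out of the global key line and into a keyring,
! so the XAUTH exemption no longer applies to remote access clients.
no crypto isakmp key ABC address 0.0.0.0 0.0.0.0 no-xauth
crypto keyring DMVPN-KEYS
 pre-shared-key address 0.0.0.0 0.0.0.0 key <dmvpn-psk>
!
! Remote access clients identify themselves by group name.
crypto isakmp client configuration group RA-GROUP
 key <ra-group-key>
 pool RA-POOL
!
! DMVPN peers match on address identity; no XAUTH is configured in this profile.
crypto isakmp profile DMVPN-PROF
 keyring DMVPN-KEYS
 match identity address 0.0.0.0
!
! Remote access clients match on group identity and get XAUTH plus mode config.
crypto isakmp profile RA-PROF
 match identity group RA-GROUP
 client authentication list RA-AUTHEN
 isakmp authorization list RA-AUTHOR
 client configuration address respond
!
! Bind each IPsec path to its own ISAKMP profile.
crypto ipsec profile DMVPN-IPSEC
 set transform-set TS1
 set isakmp-profile DMVPN-PROF
!
crypto dynamic-map RA-DYN 10
 set transform-set myset
 set isakmp-profile RA-PROF
 reverse-route
!
crypto map RA-MAP 10 ipsec-isakmp dynamic RA-DYN
!
! Attach DMVPN-IPSEC to the mGRE tunnel with "tunnel protection ipsec profile"
! and RA-MAP to the outside interface with "crypto map".
```

After applying a split like this, `show crypto isakmp sa detail` and `debug crypto isakmp` show which profile each peer matched, which confirms that spokes no longer hit the XAUTH exchange.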