Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
0
Helpful
1
Replies

Basic Easy VPN (IOS-IOS) issue (empty ipsec sa counter)

vrz rrr
Level 1
Level 1

‎10-22-2012 03:00 AM - edited ‎02-21-2020 06:25 PM

Hello,

I try to get running an Easy VPN (classic config) with two router. Remote and Client.

I can see some interesting results in "sh crypto isakmp sa" and " sho cryp ipsec client ez" but "sh crypto ipsec sa" remains empty.

GNS3 is used.

I've tried now for a whole week.

Could anyone try to help me please.

Best regards to all you you.

These are my configs and a drawing.

Server routeur config R1

---------------------------------

aaa new-model

!

!

aaa authentication login userlist local

aaa authorization network EzVPN_Users-1 local

!

!

aaa session-id common

memory-size iomem 5

ip cef   

!

!

!

!

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

multilink bundle-name authenticated

!

!

password encryption aes

!

username vincent password vincent

!

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 2

!

crypto isakmp client configuration group EzVPN_Users-1

key 123456789

dns 192.168.6.2

wins 192.168.6.2

domain security.com

pool EzVPN_Users-1

!

!

crypto ipsec transform-set transform esp-aes 256

!

crypto dynamic-map dynmap 1

set transform-set transform

set peer 192.168.0.1

reverse-route

!

crypto map VPN_REMOTE isakmp authorization list EzVPN_Users-1

crypto map VPN_REMOTE client configuration address respond

crypto map VPN_REMOTE 1 ipsec-isakmp dynamic dynmap

!

!

!

!

!

!

!

interface FastEthernet0/0

no shut

ip address 192.168.0.2 255.255.255.0

duplex auto

speed auto

crypto map VPN_REMOTE

!

interface FastEthernet0/1

no shut

ip address 192.168.6.3 255.255.255.0

duplex auto

speed auto

!

ip local pool EzVPN_Users-1 192.168.1.3

ip forward-protocol nd

ip route 192.168.1.0 255.255.255.0 192.168.0.1

!

!

no ip http server

------------------------------------------------------------------

Remote server R6

!

crypto ipsec client ezvpn R1

connect auto

group EzVPN_Users-1 key 123456789

mode network-extension

peer 192.168.0.2

xauth userid mode interactive

!

!

!

!

!

!

!

interface FastEthernet0/0

no shut

ip address 192.168.0.1 255.255.255.0

duplex auto

speed auto

crypto ipsec client ezvpn R1 outside

!

interface F0/1

ip address 192.168.1.1 255.255.255.0

no shut

duplex auto

speed auto

crypto ipsec client ezvpn R1 inside

Labels:
Preview file
38 KB
0 Helpful
1 Reply 1

sallymonchy
Level 1
Level 1

‎02-13-2019 03:10 AM

What is the solution to the problem?

0 Helpful
Customers Also Viewed These Support Documents