ezvpn not working

Mike Buyarski
Level 3

I am working on trying to create an EzVPN connection into our network. It does not seem to be working; however, it appears to be connecting. Here is the debug from the debug crypto ipsec client ezvpn:

Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: SS_OPEN
Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: SOCKET_ERROR
Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_close
Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): VPN Route Deleted 10.0.0.0 255.128.0.0 via 12.xxx.xxx.xxx in IP DEFAULT TABLE
Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): nulling context A44709F2 91006E56 10F6B57C E91EEF0A
Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): Deleted PSK for address 12.xxx.xxx.xxx

Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): No Connect ACL checking status change
Dec 21 15:39:53.075: EzVPN: Local Traffic Feature Deleted
Dec 21 15:39:53.075: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=XXXX  Group=(omited)  Server_public_addr=12.xxx.xxx.xxx
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Deleted PSK for address 12.xxx.xxx.xxx

Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): New active peer is 12.xxx.xxx.xxx
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Ready to connect to peer 12.xxx.xxx.xxx
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Attempting to connect to peer 12.xxx.xxx.xxx
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: CONNECT_REQUIRED
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: CONNECT_REQUIRED
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: CONNECT
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_connect_request
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Found valid peer 12.xxx.xxx.xxx
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Ae notify tableid 0, event DOWN, destination 12.xxx.xxx.xxx, gateway 74.xxx.xxx.xxx, interface
Dec 21 15:39:54.227: EZVPN(CISCOCP_EZVPN_CLIENT_1): VPN Route Deleted 12.125.124.6 255.255.255.255 via 74.87.123.89, in IP DEFAULT TABLE
Dec 21 15:39:54.227: EZVPN: Static route change notify tableid 0, event UP, destination 12.xxx.xxx.xxx, gateway 74.xxx.xxx.xxx, interface
Dec 21 15:39:54.227: EZVPN(CISCOCP_EZVPN_CLIENT_1): VPN Route Added 12.xxx.xxx.xxx 255.255.255.255 via 74.xxx.xxx.xxx, in IP DEFAULT TABLE
Dec 21 15:39:54.227: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: READY
Dec 21 15:39:54.227: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: READY
Dec 21 15:39:54.227: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: CONN_DOWN
Dec 21 15:39:54.227: EZVPN(CISCOCP_EZVPN_CLIENT_1): event CONN_DOWN is not for us, ignoring (16/0:15)
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: READY
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: IKE_PFS
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): No state change
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: READY
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: CONN_UP
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_conn_up A44709F2 84B29DA2 10F6B57C 66270912
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): No state change
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: READY
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: XAUTH_REQUEST
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_xauth_request
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_parse_xauth_msg
Dec 21 15:39:54.343: EZVPN: Attributes sent in xauth request message:
Dec 21 15:39:54.343:         XAUTH_USER_NAME_V2(CISCOCP_EZVPN_CLIENT_1):
Dec 21 15:39:54.343:         XAUTH_USER_PASSWORD_V2(CISCOCP_EZVPN_CLIENT_1):
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): send saved username XXXX and password <omitted>
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: XAUTH_REQ
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: XAUTH_REQ
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: XAUTH_REQ_INFO_READY
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_xauth_reply
Dec 21 15:39:54.343:         XAUTH_USER_NAME_V2(CISCOCP_EZVPN_CLIENT_1): XXXX

Dec 21 15:39:54.343:         XAUTH_USER_PASSWORD_V2(CISCOCP_EZVPN_CLIENT_1): <omitted>
Dec 21 15:39:54.343: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: XAUTH_REPLIED
Router#
Dec 21 15:40:13.027: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: XAUTH_REPLIED
Dec 21 15:40:13.027: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: XAUTH_STATUS
Dec 21 15:40:13.027: EZVPN(CISCOCP_EZVPN_CLIENT_1): xauth status received: Success
Dec 21 15:40:13.027: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: READY
Dec 21 15:40:13.051: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: READY
Dec 21 15:40:13.051: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: MODE_CONFIG_REPLY
Dec 21 15:40:13.051: EZVPN(CISCOCP_EZVPN_CLIENT_1): VPN Route Deleted 0.0.0.0 0.0.0.0 via Virtual-Access1 in IP DEFAULT TABLE A44709F2 84B29DA2 10F6B57C 66270912
Dec 21 15:40:13.051: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_parse_mode_config_msg
Dec 21 15:40:13.051: EZVPN: Attributes sent in message:
Dec 21 15:40:13.051:         Peer has No IPsec Interface support
Dec 21 15:40:13.051:         DNS Primary: 10.xxx.xxx.xxx
Dec 21 15:40:13.051:         DNS Secondary: 10.xxx.xxx.xxx

Dec 21 15:40:13.051:         NBMS/WINS Primary: 10.xxx.xxx.xxx
Dec 21 15:40:13.051:         NBMS/WINS Secondary: 10.xxx.xxx.xxx
Dec 21 15:40:13.055:         Split Tunnel List: 1
Dec 21 15:40:13.055:               Address    : 10.0.0.0
Dec 21 15:40:13.055:               Mask       : 255.128.0.0
Dec 21 15:40:13.055:               Protocol   : 0x0
Dec 21 15:40:13.055:               Source Port: 0
Dec 21 15:40:13.055:               Dest Port  : 0
Dec 21 15:40:13.055:         Default Domain: bayindustries.local
Dec 21 15:40:13.055:         Savepwd on
Dec 21 15:40:13.055: EZVPN: Unknown/Unsupported Attr: APPLICATION_VERSION (0x7)
Dec 21 15:40:13.055: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_mode_config
Dec 21 15:40:13.055: EZVPN(CISCOCP_EZVPN_CLIENT_1): ezvpn_nat_config
Dec 21 15:40:13.055: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: SS_OPEN
Dec 21 15:40:13.063: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: SS_OPEN
Dec 21 15:40:13.063: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: SOCKET_READY
Dec 21 15:40:13.063: EZVPN(CISCOCP_EZVPN_CLIENT_1): No state change

   

It appears it is connecting, but I can't ping any internal address on the network. Am I missing a route? Possible ACL?
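A small parser for the debug crypto ipsec client ezvpn output posted above, added here as an example and not part of the original post: it reduces the log to its state transitions and converts the pushed Split Tunnel List into CIDR networks so a destination address can be checked against it. The function names are illustrative, and SAMPLE is a shortened excerpt of the lines above.

```python
import ipaddress
import re

# Shortened excerpt of the debug output posted above (only the lines that matter here).
SAMPLE = """\
Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: SS_OPEN
Dec 21 15:39:53.075: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: SOCKET_ERROR
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: CONNECT_REQUIRED
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: CONNECT_REQUIRED
Dec 21 15:39:53.079: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: CONNECT
Dec 21 15:39:54.227: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: READY
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: READY
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: CONN_UP
Dec 21 15:39:54.315: EZVPN(CISCOCP_EZVPN_CLIENT_1): No state change
Dec 21 15:40:13.051: EZVPN(CISCOCP_EZVPN_CLIENT_1): Current State: READY
Dec 21 15:40:13.051: EZVPN(CISCOCP_EZVPN_CLIENT_1): Event: MODE_CONFIG_REPLY
Dec 21 15:40:13.055:         Split Tunnel List: 1
Dec 21 15:40:13.055:               Address    : 10.0.0.0
Dec 21 15:40:13.055:               Mask       : 255.128.0.0
Dec 21 15:40:13.055: EZVPN(CISCOCP_EZVPN_CLIENT_1): New State: SS_OPEN
"""

# Timestamp, optional "EZVPN(<client name>): " prefix, then the message text.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d+:\d+:\d+\.\d+): "
    r"(?:EZVPN(?:\((?P<client>[^)]*)\))?: )?(?P<msg>.*)$"
)


def parse(text):
    """Return (transitions, split_tunnel_networks) from EzVPN client debug text.

    transitions is a list of (state_before, triggering_event, state_after).
    """
    transitions, networks = [], []
    state = event = addr = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines and prompts such as "Router#"
        key, _, value = (p.strip() for p in m["msg"].partition(":"))
        if key == "Current State":
            state = value
        elif key == "Event":
            event = value
        elif key == "New State":
            transitions.append((state, event, value))
            state = value
        elif key == "Address":
            addr = value
        elif key == "Mask" and addr:
            try:
                networks.append(ipaddress.ip_network(f"{addr}/{value}", strict=False))
            except ValueError:
                pass  # redacted values such as 10.xxx.xxx.xxx cannot be parsed
            addr = None
    return transitions, networks


def in_split_tunnel(ip, networks):
    """True if ip falls inside a network from the pushed Split Tunnel List."""
    return any(ipaddress.ip_address(ip) in net for net in networks)


if __name__ == "__main__":
    steps, nets = parse(SAMPLE)
    for before, ev, after in steps:
        print(f"{before} --{ev}--> {after}")
    print("split tunnel:", [str(n) for n in nets])
```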

3 Replies

nine_2012
Level 1

Is it possible for you to post the configs as well?

Here is the server side first; I will get the client side shortly. I omitted the parts that handle the many point-to-point VPN tunnels we have. Let me know if you need more of the config. I included the sh ver at the end of the config.


!
! Last configuration change at 14:43:23 UTC Fri Dec 21 2012 by xxxxx
! NVRAM config last updated at 01:59:37 UTC Thu Dec 20 2012 by xxxxxx
! NVRAM config last updated at 01:59:37 UTC Thu Dec 20 2012 by xxxxxx

version 15.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Router_server_side
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
logging buffered 12288
enable secret (omited)
aaa new-model
!
!
aaa authentication login default local line
aaa authentication login userauth group radius local
aaa authentication enable default enable
aaa authorization network default local
aaa authorization network groupauth local
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip inspect name fw1 ftp
ip inspect name fw1 https timeout 1200
ip inspect name fw1 tcp
ip inspect name fw1 udp
ip inspect name fw1 http
ip urlfilter allow-mode on
ip urlfilter server vendor websense xxxxxx
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2901/K9 sn XXXXXXXXXXX
!
!
username (omited) password 7 0(omited)
username (omited) password 7 (omited)
!
redundancy
!
!
!
!
!
////Many crypto keyrings omitted that are used for point-to-point VPN connections
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 11
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group (omited user)

key (omited)
dns (omited)
wins (omited)
domain (omited)
pool vpnuser
acl vpnuser
save-password
crypto isakmp profile Dynamic1
   keyring dynamo1
   match identity address 0.0.0.0


////crypto isakmp profiles omitted


crypto isakmp profile VPNUser
   match identity group (omited)
   client authentication list userauth
   isakmp authorization list groupauth
   client configuration address respond


////crypto isakmp profiles omitted


crypto isakmp profile BI_1
   match identity group BI
   isakmp authorization list default
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set authenc esp-3des esp-md5-hmac
crypto ipsec transform-set authenc1 esp-des esp-md5-hmac
!
crypto dynamic-map dynamo 10
set transform-set authenc
set isakmp-profile Dynamic1
crypto dynamic-map dynamo 15
set transform-set authenc
!
!
crypto map primary local-address Loopback2
//many crypto maps omitted
crypto map primary 500 ipsec-isakmp dynamic dynamo
!
!
!
!
!
interface Loopback1
ip address 192.168.253.1 255.255.255.255
!
interface Loopback2
ip address 12.xxxx.xxx.xxx 255.255.255.240
ip nat outside
ip virtual-reassembly in
crypto map primary
!
//interface tunnels omitted
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
standby 1 ip xxx.xxx.xxx.xxx
standby 1 preempt
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip access-group dmz in
ip nat inside
ip inspect fw1 out
ip virtual-reassembly in
!
interface GigabitEthernet0/1
ip address 12.xxx.xxx.xxx 255.xxx.xxx.xxx
ip access-group Inbound in
ip nat outside
ip inspect fw1 out
ip virtual-reassembly in
duplex full
speed 100
crypto map primary
!
interface Virtual-Template1 type tunnel
ip unnumbered GigabitEthernet0/1
tunnel source GigabitEthernet0/1
tunnel mode ipsec ipv4
!
!
router eigrp 10
network 10.xxx.xxx.xxx
network 172.16.100.0 0.0.0.255
redistribute static metric 1536 2000 255 1 1500
!
ip local pool vpnuser 10.200.1.1 10.200.1.63
ip forward-protocol nd
!
ip http server
no ip http secure-server
ip flow-export source GigabitEthernet0/0.1
ip flow-export version 5
ip flow-export destination 10.1.2.150 9996
!
ip nat inside source list 199 interface Loopback2 overload
///static translations
ip route 0.0.0.0 0.0.0.0 12.xxx.xxx.xxx
ip route 10.xxx.xxx.xxx 255.xxx.xxx.xxx 12.xxx.xxx.xxx
ip route 192.xxx.xxx.xxx 255.xxx.xxx.xxx 10.xxx.xxx.xxx
!
ip access-list extended Inbound
//omitted
ip access-list extended dmz
//omitted
ip access-list extended outbound
//omitted
ip access-list extended vpnuser
permit ip 10.0.0.0 0.127.255.255 10.200.1.0 0.0.0.63
!
logging trap warnings
logging 10.1.2.150
access-list 1 permit 10.1.0.0 0.0.255.255
//VPN tunnel ACLs omitted
!
!
!
!
route-map xlate4 permit 10
match ip address 183
!
route-map xlate5 permit 10
match ip address 184
!
route-map xlate1 permit 10
match ip address 180
!
route-map xlate2 permit 10
match ip address 181
!
route-map xlate3 permit 10
match ip address 182
!
!
snmp-server community XXXXXXX RO 1
!
!
!
control-plane
!
!
!
line con 0
password xxxxxxxx
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 60 0
password xxxxxxxxx
transport input all
!
scheduler allocate 20000 1000
end


Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 06-Dec-11 17:09 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M12, RELEASE SOFTWARE (fc1)

BI-ATT-Inet uptime is 1 week, 1 day, 7 hours, 27 minutes
System returned to ROM by power-on
System restarted at 09:07:55 UTC Thu Dec 13 2012
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M3.bin"
Last reload type: Normal Reload


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2901/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID xxxxxxxxxxx
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO2901/K9          xxxxxxxxxx

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None

Configuration register is 0x2102

Here is the client config:

Current configuration : 4271 bytes
!
! Last configuration change at 15:35:20 UTC Fri Dec 21 2012 by xxxxx
! NVRAM config last updated at 15:35:21 UTC Fri Dec 21 2012 by xxxxx
! NVRAM config last updated at 15:35:21 UTC Fri Dec 21 2012 by xxxxx
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_Client_ezvpn
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret XXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2292561780
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2292561780
revocation-check none
rsakeypair TP-self-signed-2292561780
!
!
crypto pki certificate chain TP-self-signed-2292561780
certificate self-signed 01
        quit
ip source-route
!
!
!
ip dhcp excluded-address 10.99.1.1
ip dhcp excluded-address 10.99.1.2 10.99.1.19
ip dhcp excluded-address 10.99.1.240 10.99.1.255
!
ip dhcp pool ccp-pool
import all
network 10.99.1.0 255.255.255.0
default-router 10.99.1.1
domain-name bayindustries.local
dns-server 10.101.1.8 10.1.2.35
lease 0 2
!
!
ip cef
ip name-server 10.101.1.8
ip name-server 10.1.2.35
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn xxxxxxxxxxx
!
!
username xxxxx privilege 15 secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
connect auto
group (omited) key (omited)
mode network-extension
peer 12.xxx.xxx.xxx
virtual-interface 1
username (omited) password (omited)
xauth userid mode local
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 74.xxx.xxx.xxxx 255.xxx.xxx.xxx
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.xxx.xxx.xxx 255.xxx.xxx.xxx
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
crypto ipsec client ezvpn CISCOCP_EZVPN_CLIENT_1 inside
!
!
router eigrp 10
network 10.xxx.xxx.xxx
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 102 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 74.xxx.xxx.xxx
!
access-list 102 permit ip 10.xxx.xxx.xxx 0.xxx.xxx.xxx any
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
end
