04-24-2012 07:19 AM
Hi all,
I have a cisco EasyVPN between cisco 870 and cisco ASA 5510 and have a trouble:
EasyVPN ceased to work...
From the cisco 800 series I see that ISAKmp is up
#show cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
X.X.X.X Y.Y.Y.Y QM_IDLE 2050 ACTIVE
X.X.X.X Y.Y.Y.Y MM_NO_STATE 2049 ACTIVE (deleted)
X.X.X.X Y.Y.Y.Y MM_NO_STATE 2048 ACTIVE (deleted)
X.X.X.X Y.Y.Y.Y MM_NO_STATE 2047 ACTIVE (deleted)
but ipsec phase is not established.
#show crypto ipsec sa
interface: Virtual-Access1
Crypto map tag: Virtual-Access1-head-0, local addr Y.Y.Y.Y
protected vrf: (none)
local ident (addr/mask/prot/port): (Y.Y.Y.Y/255.255.255.192/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer X.X.X.X port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
002272: Apr 24 17:38:29.391 VRN: EZVPN(EZVPN_CLIENT): New State: CONNECT_REQUIRED
002273: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Current State: CONNECT_REQUIRED
002274: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Event: CONNECT
002275: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): ezvpn_connect_request
002276: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Found valid peer X.X.X.X
002277: Apr 24 17:38:29.395 VRN: EzVPN(EZVPN_CLIENT): Max number of connection attempts made to X.X.X.X
, connecting to next peer
002278: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): ezvpn_close
002279: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted 0.0.0.0 0.0.0.0 via Virtual-Access1 in IP DEFAULT TABLE
002280: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): nulling context
002281: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Deleted PSK for address X.X.X.X
002282: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): No Connect ACL checking status change
002283: Apr 24 17:38:29.395 VRN: EzVPN: Local Traffic Feature Deleted
002284: Apr 24 17:38:29.395 VRN: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=<omitted>Group<omitted>Server_public_addr=X.X.X.X
002285: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Deleted PSK for address X.X.X.X
002286: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): New active peer is X.X.X.X
002287: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Ready to connect to peer X.X.X.X
002288: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Attempting to connect to peer X.X.X.X
002289: Apr 24 17:38:29.395 VRN: EZVPN(EZVPN_CLIENT): Added PSK for address X.X.X.X
002290: Apr 24 17:38:29.395 VRN: EzVPN(EZVPN_CLIENT): sleep jitter delay 1679
002291: Apr 24 17:38:31.075 VRN: EZVPN: Static route change notify tableid 0, event DOWN, destination X.X.X.X gateway 0.0.0.0, interface Dialer1
002292: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted X.X.X.X 255.255.255.255 via 0.0.0.0,Dialer1 in IP DEFAULT TABLE
002293: Apr 24 17:38:31.075 VRN: EZVPN: Static route change notify tableid 0, event UP, destination X.X.X.X, gateway 0.0.0.0, interface Dialer1
002294: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): VPN Route Added X.X.X.X 255.255.255.255 via 0.0.0.0,Dialer1 in IP DEFAULT TABLE
002295: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): New State: READY
002296: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): Current State: READY
002297: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): Event: CONNECT
002298: Apr 24 17:38:31.075 VRN: EZVPN(EZVPN_CLIENT): No state change
002299: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Current State: READY
002300: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Event: IKE_PFS
002301: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): No state change
002302: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Current State: READY
002303: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): Event: CONN_UP
002304: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): ezvpn_conn_up 6548E586 3D665C22 53A25C20 F12F5F68
002305: Apr 24 17:38:31.135 VRN: EZVPN(EZVPN_CLIENT): No state change
002306: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Current State: READY
002307: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_REQUEST
002308: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_xauth_request
002309: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_parse_xauth_msg
002310: Apr 24 17:38:31.155 VRN: EZVPN: Attributes sent in xauth request message:
002311: Apr 24 17:38:31.155 VRN: XAUTH_TYPE_V2(EZVPN_CLIENT): 0
002312: Apr 24 17:38:31.155 VRN: XAUTH_USER_NAME_V2(EZVPN_CLIENT):
002313: Apr 24 17:38:31.155 VRN: XAUTH_USER_PASSWORD_V2(EZVPN_CLIENT):
002314: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): send saved username<omitted>and password <omitted>
002315: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): New State: XAUTH_REQ
002316: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Current State: XAUTH_REQ
002317: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_REQ_INFO_READY
002318: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): ezvpn_xauth_reply
002319: Apr 24 17:38:31.155 VRN: XAUTH_TYPE_V2(EZVPN_CLIENT): 0
002320: Apr 24 17:38:31.155 VRN: XAUTH_USER_NAME_V2(EZVPN_CLIENT):<omitted>
002321: Apr 24 17:38:31.155 VRN: XAUTH_USER_PASSWORD_V2(EZVPN_CLIENT): <omitted>
002322: Apr 24 17:38:31.155 VRN: EZVPN(EZVPN_CLIENT): New State: XAUTH_REPLIED
002323: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): Current State: XAUTH_REPLIED
002324: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): Event: XAUTH_STATUS
002325: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): xauth status received: Success
002326: Apr 24 17:38:31.243 VRN: EZVPN(EZVPN_CLIENT): New State: READY
002327: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): Current State: READY
002328: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): Event: MODE_CONFIG_REPLY
002329: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): VPN Route Deleted 0.0.0.0 0.0.0.0 via Virtual-Access1 in IP DEFAULT TABLE 6548E586 3D665C22 53A25C20 F12F5F68 6548E586 3D665C22 53A25C20 F12F5F68 6548E586 3D665C22 53A25C20 F12F5F68
002330: Apr 24 17:38:31.267 VRN: EZVPN(EZVPN_CLIENT): ezvpn_parse_mode_config_msg
002331: Apr 24 17:38:31.267 VRN: EZVPN: Attributes sent in message:
002332: Apr 24 17:38:31.267 VRN: DNS Primary: X.X.X.X
002333: Apr 24 17:38:31.267 VRN: DNS Secondary: X.X.X.X
002334: Apr 24 17:38:31.267 VRN: Savepwd on
002335: Apr 24 17:38:31.267 VRN: Default Domain: nodomain
002336: Apr 24 17:38:31.267 VRN: Enabling PFS with group: 2
002337: Apr 24 17:38:31.267 VRN: EZVPN: Unknown/Unsupported Attr: APPLICATION_VERSION (0x7)
002338: Apr 24 17:38:31.271 VRN: EZVPN(EZVPN_CLIENT): ezvpn_mode_config
002339: Apr 24 17:38:31.271 VRN: EZVPN(EZVPN_CLIENT): New State: SS_OPEN
002340: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN
002341: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY
002342: Apr 24 17:38:31.299 VRN: EZVPN(EZVPN_CLIENT): No state change
002343: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN
002344: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY
002345: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): No state change
002346: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Current State: SS_OPEN
002347: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): Event: SOCKET_READY
002348: Apr 24 17:38:31.311 VRN: EZVPN(EZVPN_CLIENT): No state change
#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 8
Tunnel name : EZVPN_CLIENT
Inside interface list: Vlan1, Vlan3
Outside interface: Virtual-Access1 (bound to Dialer1)
Current State: SS_OPEN
Last Event: SOCKET_READY
DNS Primary: X.X.X.X
DNS Secondary: X.X.X.X
Default Domain: nodomain
Using PFS Group: 2
Save Password: Allowed
Current EzVPN Peer: X.X.X.X
_____________________
From ASA side i see
155 IKE Peer: X.X.X.X
Type : user Role : responder
Rekey : no State : AM_TM_INIT_MODECFG_V6H
Anybody knows what is the AM_TM_INIT_MODECFG_V6H state???? ANd what's the problem with this? Provider give me PPPoE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide