07-23-2009 04:26 PM
Hi,
I'm trying to setup an easy VPN between Cisco ASA 5520 8.0(3)6 and Cisco 857 Router 12.4(15)T7 C850-ADVSECURITYK9-M.
Firewall has permanent public IP configuration and it acts as easy vpn server and router doesn't have permanent public IP assigned and it acts as easy vpn client.
I've attached configurations of both server (ASA5520) and client (c857)
When I do sh cry ipsec client ezvpn on the router
I get this:
Easy VPN Remote Phase: 6
Tunnel name : ASA
Inside interface list: Vlan1
Outside interface: Dialer0
Current State: SS_OPEN
Last Event: SOCKET_READY
DNS Primary: 211.29.132.12
DNS Secondary: 10.46.2.202
Save Password: Allowed
when I do sh crypto isakmp sa on firewall I get the following:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: xxx.xx.xxx.xx
Type : user Role : responder
Rekey : no State : AM_TM_INIT_MODECFG_V6H
when I do sh crypto isakmp sa on the router I get the following:
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
xxx.xxx.xx.x yyy.yy.yyy.yy QM_IDLE 2038 0 ACTIVE
xxx.xxx.xx.x yyy.yy.yyy.yy MM_NO_STATE 2037 0 ACTIVE (deleted)
xxx.xxx.xx.x yyy.yy.yyy.yy MM_NO_STATE 2036 0 ACTIVE (deleted)
xxx.xxx.xx.x yyy.yy.yyy.yy MM_NO_STATE 2035 0 ACTIVE (deleted)
I'm stuck at this point.
Your help is much appreciated.
07-29-2009 08:09 AM
You may try adding the command "set isakmp-profile profile-name". This command describes the ISAKMP profile to use when you start the Internet Key Exchange (IKE) exchange. Before configuring an ISAKMP profile on a crypto map, you should set up the ISAKMP profile.
07-29-2009 03:19 PM
Hi,
I think the router (client) is having trouble accepting config from the ASA (server).
I've attached log from the router (client).
And here is the log from ASA:
Jul 30 09:13:56 [IKEv1]: Group = EZVPN-NZ, Username = vpnuser, IP = yyy.yy.yyy.yy, Removing peer from peer table failed, no match!
Jul 30 09:13:56 [IKEv1]: Group = EZVPN-NZ, Username = vpnuser, IP = yyy.yy.yyy.yy, Error: Unable to remove PeerTblEntry
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide