01-29-2004 12:06 PM - edited 02-21-2020 01:01 PM
Can you send me an example of a configuration with Easy VPN server + Internet access?
I already tried everything and no results.
My solution has a central site with a 2611XM + AIM-VPN, release 12.2(15)ZJ3 C2600-IK9O3S-M, static IP from the ISP.
12 remote sites with 836, 837, release c836-k9o3s8y6-mz.122-13.ZH2, dynamic IP from the ISP. Network extension.
The central site does not work.
Can you help me? Easy VPN is new for me.
Regards
Carlos
01-31-2004 01:18 PM
Hi Carlos,
Seems like you are trying to configure EzVPN on IOS routers while using them as clients and server.
We have the configs available for both, but not in the same document:
EzVPN client configuration:
EzVPN server configuration:
Kindly make sure that if you are using the NEM (network extension mode) then you configure the same on both the EzVPN client and server.
Hope this helps,
Regards,
Aamir
-=-=-
02-02-2004 07:14 AM
Thank you Aamir,
I already put it to work. But this document could have been a help at the start of my work.
The problem was with the IP address.
But thanks anyway.
Regards
Carlos
02-02-2004 11:56 AM
You are welcome..!
02-03-2004 12:47 PM
Hello,
Well, the ping works but port 80 and others do not. Please can you help me by looking at my configurations and advise.
*** Client easy vpn config ***
hostname yourname
!
logging queue-limit 100
logging buffered 51200 warnings
!
username sdm privilege 15 password 0 sdm
ip subnet-zero
ip domain name yourdomain.com
ip name-server 10.0.0.6
!
!
crypto ipsec client ezvpn tunel1
 connect auto
 group xxxxx key xxxxx
 mode network-extension
 peer 195.23.20.21
!
!
!
interface Ethernet0
 ip address 10.10.13.254 255.255.255.0
 ip tcp adjust-mss 1452
 crypto ipsec client ezvpn tunel1 inside
!
interface BRI0
 no ip address
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode etsi
!
interface ATM0.3 point-to-point
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer2
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname teste
 ppp chap password 0 teste
 ppp pap sent-username teste
 crypto ipsec client ezvpn tunel1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 10.0.0.0 255.255.255.0 195.23.20.21
!
dialer-list 1 protocol ip permit
!
*** SERVER easy vpn config ***
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname MontiCentral
!
logging queue-limit 100
logging buffered 51200 debugging
logging console critical
enable secret t
!
aaa new-model
!
!
aaa authorization network montisistemas local
aaa session-id common
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
ip cef
!
!
ip domain name montisistemas.com
ip name-server 195.23.129.126
ip name-server 194.79.69.222
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group montisistemas
 key sistemasmonti
 dns 10.0.0.6
 domain montisistemas.com
 acl 150
!
!
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set transform-1
 reverse-route
!
!
crypto map dynmap isakmp authorization list montisistemas
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
interface ATM0/0
 ip route-cache flow
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode etsi
!
interface FastEthernet0/0
 description rede interna
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
!
!
interface Dialer1
 ip address 195.23.20.21 255.255.255.252
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname teste1
 ppp chap password teste1
 ppp pap sent-username teste1
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map dynmap
!
ip nat inside source route-map nonat interface Dialer1 overload
ip http server
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
ip access-list extended UNKNOWN
ip access-list extended console
ip access-list extended dns-servers
ip access-list extended group-lock
ip access-list extended idletime
ip access-list extended service
!
access-list 105 deny ip 10.0.0.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 105 deny ip 10.0.0.0 0.0.0.255 10.10.13.0 0.0.0.255
access-list 105 permit ip 10.0.0.0 0.0.0.255 any
access-list 150 permit ip 10.0.0.0 0.0.0.255 any
access-list 150 permit ip 10.10.13.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
 match ip address 105
!
!
end
If I put a web server on the client LAN it works fine, but if the server is on the server LAN it does not work.
The ping between the two LANs works fine.
Can you help me to find my error?
Regards, Carlos
02-06-2004 07:56 AM
Solution:
I recommend adding the following commands to the crypto map related to that connection:
crypto ipsec df-bit clear
Then go to the router interface where the crypto map is applied and put this:
ip mtu 1440
ip tcp adjust-mss 1440
I tried it and it is working fine.
Carlos
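Added example, not part of the original thread or any poster's code: the symptom above (ping works, port 80 does not) and the MTU/MSS fix both come down to packet size, so this sketch works out how large a packet becomes after ESP tunnel-mode encapsulation with the thread's transform set (esp-3des esp-sha-hmac) and the largest TCP MSS that fits a given outer MTU. It assumes IPv4 without options, no NAT-T, and no TCP options; the function names are hypothetical.

```python
# ESP tunnel-mode size arithmetic for esp-3des esp-sha-hmac.
# Assumptions (not from the thread): IPv4 without options, no NAT-T.

OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HDR = 8        # SPI + sequence number
IV_3DES = 8        # 3DES-CBC IV, one cipher block
BLOCK_3DES = 8     # plaintext is padded to a multiple of the block size
ESP_TRAILER = 2    # pad-length + next-header bytes, encrypted with payload
ICV_SHA1_96 = 12   # HMAC-SHA1-96 integrity check value
TCP_IP_HDRS = 40   # inner IPv4 + TCP headers without options


def esp_packet_size(inner_len: int) -> int:
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // BLOCK_3DES) * BLOCK_3DES  # round up to a block
    return OUTER_IP + ESP_HDR + IV_3DES + padded + ICV_SHA1_96


def max_inner_packet(outer_mtu: int) -> int:
    """Largest inner packet whose encrypted form still fits in outer_mtu."""
    room = outer_mtu - OUTER_IP - ESP_HDR - IV_3DES - ICV_SHA1_96
    return (room // BLOCK_3DES) * BLOCK_3DES - ESP_TRAILER


def max_mss(outer_mtu: int) -> int:
    """Largest TCP MSS that avoids fragmenting the encrypted packet."""
    return max_inner_packet(outer_mtu) - TCP_IP_HDRS


def check(outer_mtu: int, mss: int) -> dict:
    """Compare a configured MSS clamp against what the tunnel can carry."""
    wire = esp_packet_size(mss + TCP_IP_HDRS)
    return {"outer_mtu": outer_mtu, "mss": mss, "wire_size": wire,
            "fits": wire <= outer_mtu, "max_mss": max_mss(outer_mtu)}


if __name__ == "__main__":
    # MTU/MSS pairs taken from the posted configs: Dialer1 (ip mtu 1492) and
    # Dialer2 (ip mtu 1452), both routers clamping with adjust-mss 1452.
    for mtu, mss in [(1492, 1452), (1452, 1452)]:
        print(check(mtu, mss))
    # Constructed sample: a 100-byte ping packet stays far below either MTU.
    print("100-byte ping ->", esp_packet_size(100), "bytes on the wire")
```

Full-size TCP segments exceed the outer MTU once encrypted while a small ping does not, which matches the behaviour reported in the thread.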