Solved: EZVPN - PIX to PIX

ROBERT CROOKS · ‎12-09-2003

This may be a silly question, but I am at a loss to see what is the problem.

I have a 515 at my site and am in the process of installing a few small office 501's around the country.

Each office can connect and establish a tunnel when I configure them using EZ, and I have a split-tunnel configuration so they can get to the Internet or to me whenever.

If for some reason I have to reboot my PIX or my T1 goes down, they lose the tunnel (of course) but they also lose any Internet connections that they may have. The only way to get them connected to the world again is to go and uncheck the "use EZVPN" box.

Ultimately, I don't want then to lose all connectivity when/if I go down.

What am I overlooking?

Thanks in advance.

Robert Crooks

Network Systems Admin

Ivaco Rolling Mills

kghutton · ‎12-15-2003

try adding no-xauth no-config-mode to your isakmp key statement.

isakmp key YOURPASSWORD address 192.168.1.2 netmask 255.255.255.255 no-xauth no-config-mode

or try starting with this documentation

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_user_guide_chapter09186a00800898f7.html

View solution in original post

b.speltz · ‎12-15-2003

I could not find any documents exactly matching your requirements, but the following document should be the closest. Try checking your configurtion,

http://www.cisco.com/warp/customer/110/pix-ios-easyvpn.html

kghutton · ‎12-15-2003

try adding no-xauth no-config-mode to your isakmp key statement.

isakmp key YOURPASSWORD address 192.168.1.2 netmask 255.255.255.255 no-xauth no-config-mode

or try starting with this documentation

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_user_guide_chapter09186a00800898f7.html