11-12-2010 10:23 PM
Hi all,
I've tried to create a EzVPN server on my 2811 router, I've try many options and try to clear firewall settings.
Clients can connect, with CISCO VPN Client 5.007.0290, but they allways not receiving 0 packets.
CCP version is 2.3, and IOS is 2800 advanced ip service, 150-1.M4. , also i've try 124-15.T12
any comment is appreciated
update: I've recreated a vpn from a "fresh" config. removed "dpd" now iphone client can login but like pc clients, 0 packets received.
enclosed is the new config and the "sh crypt ipsec sa" result.
11-13-2010 12:41 AM
First of all, you do not need the secondary ip addresses on your public interface:
ip address x.x.x.85 255.255.255.240 secondary
ip address x.x.x.86 255.255.255.240 secondary
ip address x.x.x.87 255.255.255.240 secondary
ip address x.x.x.88 255.255.255.240 secondary
Also, take note that EzVPN encapsulates ESP in UDP (to allow nat).
Therefore, acl's matching esp are possibly not correct.
regards,
Leo
11-13-2010 07:13 AM
thanks, i've just post update config/results above.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: