Router 881 connecting to VPN Router

Hello everybody

Yesterday I tried to configure an 881 router which has an IP-Phone 7975 and one workstation. However, the CUCM is in the other part of the city.

The network where the CUCM is connected can be reached by VPN.

From the VPN router I have the following information:

Public static IP address

Group username & group key

Username & password

If I use this info with Cisco VPN client on a computer, the connection works great, but I do not know how to configure my 881 with the same information.

The 881 router is connected behind an ADSL modem.

Please, any idea will be good. Thank you.

Accepted Solutions

Michal Garcarz
Cisco Employee

Hi Carlos,

Easy VPN Client configuration guide:

http://www.cisco.com/en/US/partner/docs/ios-xml/ios/sec_conn_esyvpn/configuration/15-mt/sec-easy-vpn-rem.html

Short:

    crypto ipsec client ezvpn easy_vpn_remote
     connect auto
     group ezvpn key ezvpn
     mode client
     peer 10.6.6.1
     username cisco password cisco

and bind that group under outside and inside interface:

    interface FastEthernet0/0
     crypto ipsec client ezvpn easy_vpn_remote inside
    !
    interface Serial0/0
     crypto ipsec client ezvpn easy_vpn_remote

---

Michal


Hello Michal, thank you so much for your quick response.

I typed the config that you provided me, and I got the following result:

    ROUTER881#sh cry ip cl ez
    Inside interface list: Fastethernet1
    Outside interface: FastEthernet4
    Current State: TUNNEL_INT_UP
    Last Event: TUNNEL_INTERFACE_UP
    Save Password: Allowed
    Current EzVPN Peer: [IP ROUTER Address]

On the other side, on the VPN router, I typed:

    vpngw#sh crypto isakmp peers
    Peer: 187.237.14.216 PORT 57560 Local: [IP ROUTER Address]
         Phase id: [Tunnel Name]

It seems the connection has been established; however, no device behind the VPN router responds to the network behind the 881.

If you still have a problem, it might be a matter of hub configuration.

Could you access CUCM from the Cisco VPN client computer?

Can you ping CUCM from the 881 using the inside network as a source?

---

Michal

Hi Michal

Yes, when I connect my computer to the VPN with "VPN-client" I can reach the CUCM.

But when I configure the crypto I cannot reach the CUCM by pinging from Router 881.

In other words, ping 10.0.80.75 source 192.168.1.1

where 10.0.80.75 is the CUCM IP address

and

192.168.1.1 is the inside 881 network

This is very strange.

Hi Carlos,

Please configure "crypto ipsec client ezvpn Netmedical inside" under vlan1 interface (not fa1)

---

Michal

Hi Michal

I have configured "crypto ipsec client ezvpn Netmedical inside" under VLAN1. I realized that the "show crypto ip cl ez" output is changing quickly.

It shows me different statuses.

As you can see in the picture, a workstation on Router 881 can connect to the VPN but Router 881 itself cannot.

I have to say that the VPN router provides its clients with a VPN IP address.

I can share the VPN configuration that I have on the VPN router.

    username "username" password "userpassword"

then

    crypto isakmp client configuration group [group-name]
     key [Key]
     dns [IP DNS]
     pool [Client_POOL]
     acl Client_ACL
     max-users 2
     max-logins 2
     netmask 255.255.255.0

then

    crypto isakmp profile IKE_PROFILE
     match identity group Netmedical

then

    ip local pool Client_POOL 192.168.212.128 192.168.212.254

[these are the IP addresses provided to the clients]

then

    ip access-list extended Client_ACL
     permit ip host 10.0.80.75 192.168.212 0.0.0.127 <--------- CUCM ADDRESS

Well, I still cannot find any solution. We are still looking for something.

Thank you for your help

The connection from the router is failing; you should see the status:

    Current State: IPSEC_ACTIVE

ACL and POOL configuration is used on the server side, not the client side.

Please use this example for the client (nothing more):

    crypto ipsec client ezvpn GROUP1
     connect auto
     group GROUP1 key cisco
     mode client
     peer 192.168.0.2
     username cisco password cisco

Bind that config to vlan1 as inside and ethernet4 as outside.

If you still have problems, show me the "debug crypto isakmp" results.

---

Michal

Hi Michal

Everything that you told me was correct on the Router 881 side. However, the problem was with the VPN server router.

In the section

    crypto isakmp client configuration group [name]

Line ------> save-password

This line was missing, and because of that the connection couldn't be established at the beginning.

Well, thank you so much for your help.

Best Regards from Mexico.
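The mismatch this thread ends on can be checked before deployment by comparing both sides' configurations. The script below is an added example, not code from the thread or from Cisco: it flags an Easy VPN client profile that stores an Xauth username and password when the matching server group has no save-password line. The sample configs are constructed, with placeholder keys and addresses, and the parser assumes running-config style text with sub-commands indented.

```python
import re
# Constructed sample configs modelled on the thread; keys, users and addresses are placeholders.
CLIENT_CFG = """\
crypto ipsec client ezvpn Netmedical
 connect auto
 group Netmedical key EXAMPLE-KEY
 mode client
 peer 192.0.2.1
 username exampleuser password EXAMPLE-PASS
interface Vlan1
 crypto ipsec client ezvpn Netmedical inside
interface FastEthernet4
 crypto ipsec client ezvpn Netmedical
"""
SERVER_CFG = """\
crypto isakmp client configuration group Netmedical
 key EXAMPLE-KEY
 pool Client_POOL
"""

def parse_blocks(config):
    """Map each top-level IOS command to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and current is not None:
            blocks[current].append(line.strip())
        elif not line[0].isspace():
            current = line.rstrip()
            blocks.setdefault(current, [])
    return blocks

def audit_ezvpn(client_cfg, server_cfg):
    """Flag client profiles that store Xauth credentials when the server group lacks save-password."""
    server = parse_blocks(server_cfg)
    findings = []
    for head, subs in parse_blocks(client_cfg).items():
        m = re.fullmatch(r"crypto ipsec client ezvpn (\S+)", head)
        if not m:
            continue  # interface blocks and unrelated commands
        group = next((s.split()[1] for s in subs if re.match(r"group \S+ key ", s)), None)
        stored = any(re.match(r"username \S+ password ", s) for s in subs)
        policy = server.get(f"crypto isakmp client configuration group {group}")
        if policy is None:
            findings.append(f"{m.group(1)}: group {group} not defined on server")
        elif stored and "save-password" not in policy:
            findings.append(f"{m.group(1)}: stored Xauth password but group {group} lacks save-password")
    return findings
```

Calling `audit_ezvpn(CLIENT_CFG, SERVER_CFG)` reports the Netmedical profile; appending ` save-password` to the server group clears the finding.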