01-31-2013 10:09 AM
hi all,
i've been troubleshooting my EZVPN lab setup but can't seem to make it work.
appreciate someone's help with my config. thanks in advance!
EZVPN_SERVER#sh ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 1.1.1.1 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
FastEthernet1/0 unassigned YES unset administratively down down
Virtual-Access1 unassigned YES unset down down
Virtual-Template1 1.1.1.1 YES TFTP down down
Loopback1 172.16.2.10 YES manual up up
EZVPN_SERVER#show run
Building configuration...
Current configuration : 2281 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EZVPN_SERVER
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login EZVPN_AUTHENTICATION local
aaa authorization network EZVPN_AUTHORIZTION local
!
aaa session-id common
!
resource policy
!
memory-size iomem 5
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
username ezvpnuser password 0 cisco
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
!
crypto isakmp client configuration group EZVPN_GROUP
key cisco
domain lab.com
pool EZVPN_POOL
acl EZVPN_SPLIT_TUNNEL_ACL
crypto isakmp profile EZVPN_ISAKMP_PROFILE
match identity group EZVPN_GROUP
client authentication list EZVPN_AUTHENTICATION
isakmp authorization list EZVPN_AUTHORIZATION
client configuration address respond
client configuration group EZVPN_GROUP
virtual-template 1
!
!
crypto ipsec transform-set EZVPN_TSET esp-aes esp-sha-hmac
!
crypto ipsec profile EZVPN_IPSEC_PROFILE
set transform-set EZVPN_TSET
set isakmp-profile EZVPN_ISAKMP_PROFILE
!
!
!
!
interface Loopback1
ip address 172.16.2.10 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile EZVPN_IPSEC_PROFILE
!
ip local pool EZVPN_POOL 172.16.100.10 172.16.100.150
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
no ip http server
no ip http secure-server
!
ip access-list extended EZVPN_SPLIT_TUNNEL_ACL
permit ip 172.16.2.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
!
!
end
-----
EZVPN_CLIENT#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 1.1.1.2 YES manual up up
FastEthernet0/1 172.16.1.254 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
Virtual-Access1 unassigned YES unset down down
Virtual-Template1 unassigned YES TFTP down down
Virtual-TokenRing1 unassigned YES unset up up
EZVPN_CLIENT#show run
Building configuration...
Current configuration : 1355 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EZVPN_CLIENT
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
!
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn EZVPN_CLIENT
connect auto
group EZVPN_GROUP key cisco
mode client
peer 1.1.1.1
username ezvpnuser password cisco
xauth userid mode local
!
!
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.254 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn EZVPN_CLIENT inside
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
crypto ipsec client ezvpn EZVPN_CLIENT
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
----
EZVPN_CLIENT#show crypto isakmp sa
dst src state conn-id slot status
1.1.1.1 1.1.1.2 AG_INIT_EXCH 1 0 ACTIVE
EZVPN_CLIENT#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 4
Tunnel name : EZVPN_CLIENT
Inside interface list: FastEthernet0/1
Outside interface: Virtual-Template1
Current State: VALID_CFG
Last Event: VALID_CONFIG_ENTERED
Save Password: Allowed
Current EzVPN Peer: 1.1.1.1
EZVPN_CLIENT(config-if)#
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Current State: READY
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Event: RESET
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): New active peer is 1.1.1.1
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Ready to connect to peer 1.1.1.1
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): ezvpn_close
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Deleted PSK for address 1.1.1.1
*Mar 1 01:51:33.835: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User= Group=EZVPN_GROUP
Client_public_addr=1.1.1.2 Server_public_addr=1.1.1.1
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): ezvpn_reset
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): New State: CONNECT_REQUIRED
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Current State: CONNECT_REQUIRED
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Event: CONNECT
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): ezvpn_connect_request
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Found valid peer 1.1.1.1
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): Added PSK for address 1.1.1.1
*Mar 1 01:51:33.835: EZVPN(EZVPN_CLIENT): New State: READY
*Mar 1 01:51:33.835: ISAKMP: received ke message (1/1)
*Mar 1 01:51:33.835: ISAKMP:(0:1:SW:1):SA is still budding. Attached new ipsec request to it. (local
1.1.1.2, remote 1.1.1.1)
01-31-2013 02:53 PM
Command missing on client outside interface that is fa 0/0
Crypto ipsec client ezvpn .....
....outside.
Sent from Cisco Technical Support Android App
02-01-2013 06:22 AM
hi,
thanks for the reply! i've tried testing on both FE0/0 (WAN) and virtual-template ports but it's still not working.
i've noticed it's not applying the command as per show run and show ip interface brief shows virtual template as down/down. any ideas?
EZVPN_CLIENT(config)#interface fastethernet0/0
EZVPN_CLIENT(config-if)#crypto ipsec client ezvpn EZVPN_CLIENT ?
inside inside
outside outside
EZVPN_CLIENT(config-if)#crypto ipsec client ezvpn EZVPN_CLIENT outside
Error:Only one outside interface is allowed per ezvpn configuration
02-01-2013 12:31 PM
Hi,
you missed this command: "virtual-interface 1" under "crypto ipsec client ezvpn EZVPN_CLIENT"
Also, remove "crypto ipsec client ezvpn EZVPN_CLIENT" from under virtual-template interface and put it under the egress physical interface.
i hope this helps you.
----------------------------
Mashal
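The two points in the reply above, written as a check over a client `show run`; this is an added example, not part of the original thread. The profile name LAB_CLIENT and the 192.0.2.1 peer are constructed, and the parser assumes `!` separates sections as it does in `show run` output.

```python
import re

EZVPN = re.compile(r"crypto ipsec client ezvpn (\S+)(?: (inside|outside))?$")

def lint_ezvpn_client(config):
    """Return (profile, message) findings for an IOS Easy VPN client config."""
    profiles = {}   # profile name -> sub-commands of its global block
    outside = {}    # profile name -> interfaces carrying the outside binding
    kind = name = None               # section currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            kind = None              # '!' separates sections in show run output
            continue
        m = EZVPN.match(line)
        if line.startswith("interface "):
            kind, name = "interface", line.split()[1]
        elif m and kind == "interface":
            if m.group(2) != "inside":   # no keyword means outside
                outside.setdefault(m.group(1), []).append(name)
        elif m:
            kind, name = "profile", m.group(1)
            profiles.setdefault(name, [])
        elif kind == "profile":
            profiles[name].append(line)
    findings = []
    for prof, cmds in profiles.items():
        if not any(c.startswith("virtual-interface ") for c in cmds):
            findings.append((prof, "virtual-interface missing from ezvpn profile"))
        for ifname in outside.get(prof, []):
            if ifname.lower().startswith("virtual-template"):
                findings.append((prof, f"outside binding on {ifname}"))
    return findings

# Constructed sample configs; LAB_CLIENT and the 192.0.2.1 peer are made up.
BEFORE = """\
crypto ipsec client ezvpn LAB_CLIENT
 peer 192.0.2.1
!
interface FastEthernet0/0
!
interface Virtual-Template1 type tunnel
 tunnel mode ipsec ipv4
 crypto ipsec client ezvpn LAB_CLIENT
"""
AFTER = """\
crypto ipsec client ezvpn LAB_CLIENT
 peer 192.0.2.1
 virtual-interface 1
!
interface FastEthernet0/0
 crypto ipsec client ezvpn LAB_CLIENT
!
interface Virtual-Template1 type tunnel
 tunnel mode ipsec ipv4
"""

if __name__ == "__main__":
    print(lint_ezvpn_client(BEFORE), lint_ezvpn_client(AFTER))
```

Because sections are split on `!` and `interface` lines rather than on indentation, the check also works on configs pasted with their leading spaces stripped.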
02-03-2013 06:54 PM
Hi Mashal,
Thanks for your feedback! Let me lab this again and let you know the results.
Sent from Cisco Technical Support iPad App
02-05-2013 07:35 AM
hi mashal,
i tried to attempt to setup EZVPN again, but i don't see the option for 'virtual-interface 1' command. any ideas and what IOS train has this command?
EZVPN_CLIENT(config-crypto-ezvpn)#?
Crypto EzVPN configuration commands:
acl Specify access-list identifier for SA establishment
backup Configure an EzVPN as a backup
connect Connect
exit Exit from EzVPN configuration mode
group Group Name
local-address Interface to use for local address for this ezvpn
configuration
mode Mode
no Negate a command or set its defaults
peer Allowed Encryption/Decryption Peer
username User Name
xauth XAuth parameters
EZVPN_CLIENT(config-crypto-ezvpn)#v?
% Unrecognized command
EZVPN_CLIENT(config-if)#int f0/0
EZVPN_CLIENT(config-if)#crypto ipsec client ezvpn EZVPN_CLIENT
EZVPN_CLIENT(config-if)#
*Mar 1 00:25:01.079: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Mar 1 00:25:01.551: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at
1.1.1.1
EZVPN_CLIENT(config-if)#do sh crypto isa sa
dst src state conn-id slot status
1.1.1.1 1.1.1.2 AG_INIT_EXCH 1 0 ACTIVE
06-06-2013 05:15 AM
Hi John,
Did you resolve this as I have exact same issue. I cannot enter the 'virtual-interface 1' command under "crypto ipsec client ezvpn EZVPN_CLIENT".....any ideas anyone?
I am following the SECURE Official cert guide, and i have tried this on various router platforms but no joy with that command?
06-06-2013 09:30 AM
Working sample:
Server:
!
aaa new-model
!
!
aaa authentication login NO none
aaa authentication login XAUTH local
aaa authentication login XAUTH_EXT group radius
aaa authorization network EZ_POL local
aaa authorization network EZ_EXT group radius
aaa authorization network EZ_PKI group radius
!
!
aaa session-id common
memory-size iomem 15
clock timezone GMT+1 1
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name ipexpert.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint CA
enrollment url http://8.9.50.2:80
subject-name cn=R4.ipexpert.com
revocation-check none
authorization username subjectname commonname
!
!
crypto pki certificate chain CA
certificate 05
quit
certificate ca 01
quit
!
!
vtp version 2
username ipexpert password 0 ipexpert
username cciesec password 0 cisco
archive
log config
hidekeys
!
!
crypto isakmp policy 50
authentication pre-share
!
crypto isakmp policy 60
encr 3des
hash md5
group 2
!
crypto isakmp policy 70
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 8.9.50.6
crypto isakmp identity dn
!
crypto isakmp client configuration group CCIE
pool EZPOOL
acl 170
!
crypto isakmp client configuration group REMOTE
key ipexpert
pool EZPOOL2
acl 171
save-password
crypto isakmp profile ISA_PROF
match identity group CCIE
isakmp authorization list EZ_POL
client pki authorization list EZ_PKI
client configuration address respond
virtual-template 2
crypto isakmp profile ISA_PROF2
self-identity address
match identity group REMOTE
client authentication list XAUTH_EXT
isakmp authorization list EZ_EXT
client configuration address respond
virtual-template 3
!
!
crypto ipsec transform-set SET5 esp-3des esp-md5-hmac
crypto ipsec transform-set SET6 esp-3des esp-md5-hmac
crypto ipsec transform-set SET7 esp-3des esp-md5-hmac
!
crypto ipsec profile IPSEC_PROF5
set transform-set SET5
!
crypto ipsec profile IPSEC_PROF6
set transform-set SET6
set reverse-route distance 15
set isakmp-profile ISA_PROF
!
crypto ipsec profile IPSEC_PROF7
set transform-set SET7
set isakmp-profile ISA_PROF2
!
!
!
!
ip ssh version 1
!
!
!
!
interface Loopback44
ip address 10.44.44.4 255.255.255.0
!
interface Tunnel46
ip address 172.16.46.4 255.255.255.0
ip nat outside
ip virtual-reassembly
tunnel source Serial0/0/0
tunnel destination 8.9.50.6
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC_PROF5
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.4.4.4 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
ip address 8.9.50.4 255.255.255.0
encapsulation frame-relay
ip ospf network broadcast
ip ospf priority 0
frame-relay map ip 8.9.50.2 402 broadcast
frame-relay map ip 8.9.50.5 405 broadcast
frame-relay map ip 8.9.50.6 406 broadcast
no frame-relay inverse-arp
!
interface Virtual-Template2 type tunnel
ip unnumbered Serial0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC_PROF6
!
interface Virtual-Template3 type tunnel
ip unnumbered Serial0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC_PROF7
!
router eigrp 46
passive-interface default
no passive-interface Tunnel46
network 10.44.44.4 0.0.0.0
network 172.16.46.4 0.0.0.0
no auto-summary
!
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
redistribute static
network 8.9.50.4 0.0.0.0 area 0
!
router rip
version 2
redistribute static
network 10.0.0.0
no auto-summary
!
ip local pool EZPOOL 8.9.100.1 8.9.100.254
ip local pool EZPOOL2 8.9.200.1 8.9.200.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source static network 10.4.4.0 10.44.44.0 /24
!
access-list 170 permit ip 10.4.4.0 0.0.0.255 any
access-list 171 permit ip 10.4.4.0 0.0.0.255 any
access-list 172 permit ip host 10.4.4.20 any
!
!
!
!
!
!
radius-server host 8.9.2.100 auth-port 1645 acct-port 1646 key ipexpert
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication NO
line aux 0
line vty 0 4
password cisco
!
scheduler allocate 20000 1000
end
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Client
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R8
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
memory-size iomem 15
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
crypto ipsec client ezvpn EZCLIENT
connect manual
group REMOTE key ipexpert
mode client
peer 8.9.50.4
virtual-interface 1
username cciesec password cisco
xauth userid mode local
!
!
!
!
!
!
!
!
interface Loopback8
ip address 8.8.8.8 255.255.255.0
crypto ipsec client ezvpn EZCLIENT inside
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.8.8 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn EZCLIENT
!
interface Serial0/0/0
no ip address
shutdown
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/1
tunnel mode ipsec ipv4
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.8.20
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
end
06-06-2013 10:03 AM
hi,
if i recall correctly, i was able to lab this using a dynamic map instead.
i've used this link as reference:
10-06-2013 04:31 PM
hi,
it is all configuration problems and sometimes router issues. try a reboot as well. Here is a working ezvpn config
SERVER Config
hostname R1
aaa new-model
!
!
aaa authentication login default local
aaa authorization network default local
!
username cisco password 0 cisco
!
redundancy
!!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 90
!
crypto isakmp client configuration group easy
key cisco
domain foo.com
pool dpool
acl 101
save-password
crypto isakmp profile vi
match identity group easy
client authentication list default
isakmp authorization list default
client configuration address respond
client configuration group easy
virtual-template 1
!
!
crypto ipsec transform-set set esp-3des esp-sha-hmac
!
crypto ipsec profile vi
set transform-set set
set isakmp-profile vi
interface Loopback0
ip address 10.4.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 7.7.7.1 255.255.255.0
duplex auto
speed auto
!
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile vi
!
ip local pool dpool 10.5.0.1 10.5.0.10
!
access-list 101 permit ip 10.4.0.0 0.0.0.255 any
!
CLIENT CONFIG
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 5
!
crypto ipsec client ezvpn ez
connect auto
group easy key cisco
mode client
peer 7.7.7.1
virtual-interface 1
username cisco password cisco
xauth userid mode local
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
crypto ipsec client ezvpn ez inside
!
interface FastEthernet0/0
ip address 7.7.7.2 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn ez
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
!
SHOW OUTPUTS
R2#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 6
Tunnel name : ez
Inside interface list: Loopback0
Outside interface: Virtual-Access2 (bound to FastEthernet0/0)
Current State: IPSEC_ACTIVE
Last Event: MTU_CHANGED
Address: 10.5.0.2 (applied on Loopback10000)
Mask: 255.255.255.255
Default Domain: foo.com
Save Password: Allowed
Split Tunnel List: 1
Address : 10.4.0.0
Mask : 255.255.255.0
Protocol : 0x0
Source Port: 0
Dest Port : 0
Current EzVPN Peer: 7.7.7.1
R2#
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
7.0.0.0/24 is subnetted, 1 subnets
C 7.7.7.0 is directly connected, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.5.0.2/32 is directly connected, Loopback10000
S 10.4.0.0/24 [1/0] via 0.0.0.0, Virtual-Access2-------------------Split tunnel route
C 192.168.1.0/24 is directly connected, Loopback0
S* 0.0.0.0/0 is directly connected, FastEthernet0/0
R2#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
7.7.7.1 7.7.7.2 QM_IDLE 1001 0 ACTIVE
IPv6 Crypto ISAKMP SA