Good afternoon...
I need help please
I´m having a problem with my Cisco 876. I´m trying to make a EZVPN connection with a Cisco VPN Concentrator 3000.
Strangely enough, when I make the connection through my ISDN connection, it works fine, but when I try it through my ADSL connection, I have no luck.
It gives me this error:
*Mar 1 02:36:02.199: EZVPN(ADSL): Current State: READY
*Mar 1 02:36:02.199: EZVPN(ADSL): Event: RESET
*Mar 1 02:36:02.199: EZVPN(ADSL): New active peer is 213.xxx.xxx.xxx
*Mar 1 02:36:02.199: EZVPN(ADSL): ezvpn_close
*Mar 1 02:36:02.199: EZVPN(ADSL): Deleted PSK for address 213.xxx.xxx.xxx
My IOS version is flash:c870-adventerprisek9-mz.123-8.YI3.bin.
This is my config:
Current configuration : 4724 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname saxxxx
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$uwQ1$xaOH7rlgygpsadWR2kjar/
!
username XXX-XXX password 7 0800634005100B12021C08
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 172.16.xxx.xxx 172.16.xxx.xxx
!
!
no ip domain lookup
ip ips po max-events 100
no ftp-server write-enable
isdn switch-type basic-net3
!
!
!
!
!
!
crypto ipsec client ezvpn ISDN
connect auto
group AOVPNbck key AOVPNbckkey
mode client
peer 213.xxx.xxx.xxx
username saXXXX@backup password saXXXX
xauth userid mode local
crypto ipsec client ezvpn ADSL
connect auto
group XXXVPN key XXXVPNkey
mode client
peer 213.xxx.xxx.xxx
username saXXX@adsl password saXXXX
xauth userid mode local
!
!
!
interface Loopback0
ip address 172.xxx.xxx.xxx 255.255.255.255
!
interface BRI0
description Acess ISDN
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
isdn point-to-point-setup
no peer default ip address
no cdp enable
ppp authentication chap
no ppp chap wait
!
interface ATM0
description Interface ADSL 512/128
no ip address
no ip mroute-cache
load-interval 30
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1
no ip address
!
interface Vlan1
description Local Agent
ip address 10.10.10.1 255.255.255.248
ip virtual-reassembly
crypto ipsec client ezvpn ISDN inside
!
interface Dialer1
description ADSL 512/128
ip address negotiated
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname awxxxxx@xxxx.pt
ppp chap password 7 040E273058111F192C
ppp pap sent-username awxxxx@xxxx.pt password 7 055E2A39767C1D5E3C
ppp ipcp dns request
ppp ipcp wins request
crypto ipsec client ezvpn ADSL
hold-queue 224 in
!
interface Dialer2
description Acess ISDN Backup
bandwidth 64
ip address negotiated
ip access-group AGENTES in
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 2
dialer string 679XXXXX
dialer-group 1
no peer default ip address
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxx
ppp chap password 7 00121514500859571E20
no ppp chap wait
crypto ipsec client ezvpn ISDN
!
interface Dialer3
description Acess ISDN de Gestao
bandwidth 64
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 2
dialer remote-name XXXXX
no peer default ip address
no cdp enable
ppp authentication chap
no ppp chap wait
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 0.0.0.0 0.0.0.0 Dialer1 200
ip route 10.xxx.xxx.xxx 255.255.255.224 Dialer3
ip route 10.xxx.xxx.xxx 255.255.255.192 Dialer3
ip route 193.xxx.xxx.xxx 255.255.255.0 Dialer3
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 10.10.10.2 139 interface Dialer3 139
ip nat inside source static tcp 10.10.10.2 5900 interface Dialer3 5900
!
ip access-list extended AGENTES
permit esp any any
permit udp any any eq isakmp
deny ip any any
!
access-list 20 permit 10.xxx.xxx.xxx
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.31
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.63
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.63.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
permit esp any any
permit udp any any eq isakmp
deny ip any any
!
access-list 20 permit 10.xxx.xxx.xxx
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.31
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.63
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.63.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 193.xxx.xxx.xxx 0.0.0.255
access-list 101 deny ip any 0.0.0.255 255.255.255.0
access-list 101 deny udp any any eq ntp
access-list 101 deny ip any 224.xxx.xxx.xxx 15.255.255.255
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
!
!
control-plane
!
!
line con 0
privilege level 15
password 7 15110402172527212C3A3B241C15
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password 7 1106170C
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
I´ve tried to configure Vlan 1 with crypto ipsec client ezvpn ADSL inside but no luck.
Any ideas?
Thkx
I need help please
I´m having a problem with my Cisco 876. I´m trying to make a EZVPN connection with a Cisco VPN Concentrator 3000.
Strangely enough, when I make the connection through my ISDN connection, it works fine, but when I try it through my ADSL connection, I have no luck.
It gives me this error:
*Mar 1 02:36:02.199: EZVPN(ADSL): Current State: READY
*Mar 1 02:36:02.199: EZVPN(ADSL): Event: RESET
*Mar 1 02:36:02.199: EZVPN(ADSL): New active peer is 213.xxx.xxx.xxx
*Mar 1 02:36:02.199: EZVPN(ADSL): ezvpn_close
*Mar 1 02:36:02.199: EZVPN(ADSL): Deleted PSK for address 213.xxx.xxx.xxx
My IOS version is flash:c870-adventerprisek9-mz.123-8.YI3.bin.
This is my config:
Current configuration : 4724 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname saxxxx
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$uwQ1$xaOH7rlgygpsadWR2kjar/
!
username XXX-XXX password 7 0800634005100B12021C08
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 172.16.xxx.xxx 172.16.xxx.xxx
!
!
no ip domain lookup
ip ips po max-events 100
no ftp-server write-enable
isdn switch-type basic-net3
!
!
!
!
!
!
crypto ipsec client ezvpn ISDN
connect auto
group AOVPNbck key AOVPNbckkey
mode client
peer 213.xxx.xxx.xxx
username saXXXX@backup password saXXXX
xauth userid mode local
crypto ipsec client ezvpn ADSL
connect auto
group XXXVPN key XXXVPNkey
mode client
peer 213.xxx.xxx.xxx
username saXXX@adsl password saXXXX
xauth userid mode local
!
!
!
interface Loopback0
ip address 172.xxx.xxx.xxx 255.255.255.255
!
interface BRI0
description Acess ISDN
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
isdn point-to-point-setup
no peer default ip address
no cdp enable
ppp authentication chap
no ppp chap wait
!
interface ATM0
description Interface ADSL 512/128
no ip address
no ip mroute-cache
load-interval 30
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1
no ip address
!
interface Vlan1
description Local Agent
ip address 10.10.10.1 255.255.255.248
ip virtual-reassembly
crypto ipsec client ezvpn ISDN inside
!
interface Dialer1
description ADSL 512/128
ip address negotiated
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname awxxxxx@xxxx.pt
ppp chap password 7 040E273058111F192C
ppp pap sent-username awxxxx@xxxx.pt password 7 055E2A39767C1D5E3C
ppp ipcp dns request
ppp ipcp wins request
crypto ipsec client ezvpn ADSL
hold-queue 224 in
!
interface Dialer2
description Acess ISDN Backup
bandwidth 64
ip address negotiated
ip access-group AGENTES in
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 2
dialer string 679XXXXX
dialer-group 1
no peer default ip address
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxx
ppp chap password 7 00121514500859571E20
no ppp chap wait
crypto ipsec client ezvpn ISDN
!
interface Dialer3
description Acess ISDN de Gestao
bandwidth 64
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 2
dialer remote-name XXXXX
no peer default ip address
no cdp enable
ppp authentication chap
no ppp chap wait
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer2
ip route 0.0.0.0 0.0.0.0 Dialer1 200
ip route 10.xxx.xxx.xxx 255.255.255.224 Dialer3
ip route 10.xxx.xxx.xxx 255.255.255.192 Dialer3
ip route 193.xxx.xxx.xxx 255.255.255.0 Dialer3
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 10.10.10.2 139 interface Dialer3 139
ip nat inside source static tcp 10.10.10.2 5900 interface Dialer3 5900
!
ip access-list extended AGENTES
permit esp any any
permit udp any any eq isakmp
deny ip any any
!
access-list 20 permit 10.xxx.xxx.xxx
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.31
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.63
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.63.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
permit esp any any
permit udp any any eq isakmp
deny ip any any
!
access-list 20 permit 10.xxx.xxx.xxx
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.31
access-list 20 permit 10.xxx.xxx.xxx 0.0.0.63
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.63.255
access-list 20 permit 172.xxx.xxx.xxx 0.0.0.255
access-list 20 permit 193.xxx.xxx.xxx 0.0.0.255
access-list 101 deny ip any 0.0.0.255 255.255.255.0
access-list 101 deny udp any any eq ntp
access-list 101 deny ip any 224.xxx.xxx.xxx 15.255.255.255
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
!
!
control-plane
!
!
line con 0
privilege level 15
password 7 15110402172527212C3A3B241C15
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password 7 1106170C
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
I´ve tried to configure Vlan 1 with crypto ipsec client ezvpn ADSL inside but no luck.
Any ideas?
Thkx