ezvpn fails on 1841 router with multiple dot1q interfaces

Discussion in 'Cisco' started by shawnhenry01@gmail.com, Aug 29, 2006.

  1. Guest

    Have a network that I'm trying to separate traffic on. Vlan 30 connects
    to corporate network via VPN connection (server is a 3k series
    concentrator). Vlan 20 is private network. I'm setting up dot1q
    encapsulated sub interfaces on the 1841, however, as soon as I add an
    L3 address to the 2nd dot1q interface the VPN connection drops and
    won't connect. Actually, it does connect but it disconnects
    immediately...

    Config:

    #############################################################

    crypto ipsec client ezvpn DI-FTW
    connect manual
    group IOSClient key *****
    local-address FastEthernet0/0
    mode network-extension
    peer x.x.x.x
    acl 100
    username XXXX password ******
    xauth userid mode local
    !
    interface FastEthernet0/0
    ip address x.x.x.x 255.255.255.248
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    no mop enabled
    !
    interface FastEthernet0/1
    no ip address
    speed auto
    full-duplex
    no mop enabled
    !
    interface FastEthernet0/1.20
    encapsulation dot1Q 20
    ### CANT ADD L3 ADDRESS 192.168.1.1 HERE####
    no snmp trap link-status
    !
    interface FastEthernet0/1.30
    encapsulation dot1Q 30
    ip address 172.17.72.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no snmp trap link-status
    crypto ipsec client ezvpn DI-FTW inside
    !
    interface Serial0/0/0
    ip unnumbered FastEthernet0/0
    ip nat outside
    ip virtual-reassembly
    no keepalive
    no fair-queue
    ignore dcd
    crypto ipsec client ezvpn DI-FTW
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0/0
    !
    ip nat inside source list 150 interface FastEthernet0/0 overload
    !
    access-list 1 permit 172.17.72.0 0.0.0.255
    access-list 100 permit ip 172.17.72.0 0.0.0.255 172.16.0.0 0.15.255.255
    access-list 100 permit ip 172.17.72.0 0.0.0.255 10.0.0.0 0.255.255.255

    access-list 150 deny ip 172.17.72.0 0.0.0.255 172.16.0.0 0.15.255.255
    access-list 150 deny ip 172.17.72.0 0.0.0.255 10.0.0.0 0.255.255.255
    access-list 150 permit ip 172.17.72.0 0.0.0.255 any

    #############################################################

    ezvpn debug output:

    ng1-1841router#cry ip cli ez connect DI-FTW
    ng1-1841router#
    *Aug 28 16:08:57.159: EZVPN(DI-FTW): Deleted PSK for address x.x.x.x

    *Aug 28 16:08:57.159: EZVPN(DI-FTW): Current State: CONNECT_REQUIRED
    *Aug 28 16:08:57.159: EZVPN(DI-FTW): Event: CONNECT
    *Aug 28 16:08:57.159: EZVPN(DI-FTW): ezvpn_connect_request
    *Aug 28 16:08:57.159: EZVPN(DI-FTW): Found valid peer x.x.x.x
    *Aug 28 16:08:57.159: EZVPN(DI-FTW): Added PSK for address x.x.x.x

    *Aug 28 16:08:57.163: EZVPN(DI-FTW): New State: READY
    *Aug 28 16:08:58.267: EZVPN(DI-FTW): Current State: READY
    *Aug 28 16:08:58.267: EZVPN(DI-FTW): Event: IKE_PFS
    *Aug 28 16:08:58.267: EZVPN(DI-FTW): No state change
    *Aug 28 16:08:58.267: EZVPN(DI-FTW): Current State: READY
    *Aug 28 16:08:58.267: EZVPN(DI-FTW): Event: CONN_UP
    *Aug 28 16:08:58.267: EZVPN(DI-FTW): ezvpn_conn_up CB19182D 5B3BF259 E6204325 987A05BF
    *Aug 28 16:08:58.267: EZVPN(DI-FTW): No state change
    *Aug 28 16:08:58.947: EZVPN(DI-FTW): Current State: READY
    *Aug 28 16:08:58.947: EZVPN(DI-FTW): Event: XAUTH_REQUEST
    *Aug 28 16:08:58.947: EZVPN(DI-FTW): ezvpn_xauth_request
    *Aug 28 16:08:58.947: EZVPN(DI-FTW): ezvpn_parse_xauth_msg
    *Aug 28 16:08:58.947: EZVPN: Attributes sent in xauth request message:
    *Aug 28 16:08:58.947: XAUTH_TYPE_V2(DI-FTW): 0
    *Aug 28 16:08:58.947: XAUTH_USER_NAME_V2(DI-FTW):
    *Aug 28 16:08:58.947: XAUTH_USER_PASSWORD_V2(DI-FTW):
    *Aug 28 16:08:58.951: XAUTH_MESSAGE_V2(DI-FTW) <Enter Username and Password.>
    *Aug 28 16:08:58.951: EZVPN(DI-FTW): send saved username XXXX and password <omitted>
    *Aug 28 16:08:58.951: EZVPN(DI-FTW): New State: XAUTH_REQ
    *Aug 28 16:08:58.951: EZVPN(DI-FTW): Current State: XAUTH_REQ
    *Aug 28 16:08:58.951: EZVPN(DI-FTW): Event: XAUTH_REQ_INFO_READY
    *Aug 28 16:08:58.951: EZVPN(DI-FTW): ezvpn_xauth_reply
    *Aug 28 16:08:58.951: XAUTH_TYPE_V2(DI-FTW): 0
    *Aug 28 16:08:58.951: XAUTH_USER_NAME_V2(DI-FTW): XXXX
    *Aug 28 16:08:58.951: XAUTH_USER_PASSWORD_V2(DI-FTW): <omitted>
    *Aug 28 16:08:58.951: EZVPN(DI-FTW): New State: XAUTH_REPLIED
    *Aug 28 16:08:59.935: EZVPN(DI-FTW): Current State: XAUTH_REPLIED
    *Aug 28 16:08:59.935: EZVPN(DI-FTW): Event: XAUTH_STATUS
    *Aug 28 16:08:59.935: EZVPN(DI-FTW): xauth status received: Success
    *Aug 28 16:08:59.935: EZVPN(DI-FTW): New State: READY
    *Aug 28 16:09:00.623: EZVPN(DI-FTW): Current State: READY
    *Aug 28 16:09:00.623: EZVPN(DI-FTW): Event: MODE_CONFIG_REPLY
    *Aug 28 16:09:00.623: EZVPN(DI-FTW): ezvpn_mode_config CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF
    *Aug 28 16:09:00.631: EZVPN(DI-FTW): ezvpn_parse_mode_config_msg
    *Aug 28 16:09:00.631: EZVPN: Attributes sent in message:
    *Aug 28 16:09:00.631: DNS Primary: 172.18.0.10
    *Aug 28 16:09:00.631: DNS Secondary: 172.18.1.10
    *Aug 28 16:09:00.631: NBMS/WINS Primary: 172.18.0.13
    *Aug 28 16:09:00.631: NBMS/WINS Secondary: 172.18.28.29
    *Aug 28 16:09:00.631: Savepwd on
    *Aug 28 16:09:00.631: Split Tunnel List: 1
    *Aug 28 16:09:00.631: Address : 172.16.0.0
    *Aug 28 16:09:00.631: Mask : 255.240.0.0
    *Aug 28 16:09:00.631: Protocol : 0x0
    *Aug 28 16:09:00.631: Source Port: 0
    *Aug 28 16:09:00.631: Dest Port : 0
    *Aug 28 16:09:00.631: Split Tunnel List: 2
    *Aug 28 16:09:00.631: Address : 10.0.0.0
    *Aug 28 16:09:00.635: Mask : 255.0.0.0
    *Aug 28 16:09:00.635: Protocol : 0x0
    *Aug 28 16:09:00.635: Source Port: 0
    *Aug 28 16:09:00.635: Dest Port : 0
    *Aug 28 16:09:00.635: Default Domain: xx.somedomain.xx
    *Aug 28 16:09:00.635: EZVPN: Unknown/Unsupported Attr: APPLICATION_VERSION (0x7)
    *Aug 28 16:09:00.635: EZVPN(DI-FTW): ezvpn_nat_config
    *Aug 28 16:09:00.639: EZVPN(DI-FTW): New State: SS_OPEN
    *Aug 28 16:09:00.655: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.655: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.655: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:00.659: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.659: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.659: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.667: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:00.671: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.671: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.671: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:00.671: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:00.671: EZVPN(DI-FTW): Event: SOCKET_READY
    *Aug 28 16:09:00.671: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:01.367: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:01.367: EZVPN(DI-FTW): Event: MTU_CHANGED
    *Aug 28 16:09:01.367: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:01.367: EZVPN(DI-FTW): Current State: SS_OPEN
    *Aug 28 16:09:01.367: EZVPN(DI-FTW): Event: SOCKET_UP
    *Aug 28 16:09:01.367: ezvpn_socket_up
    *Aug 28 16:09:01.367: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client) User=XXXX Group=IOSClient Server_public_addr=x.x.x.x NEM_Remote_Subnets=172.17.72.0/255.255.255.0 172.1
    *Aug 28 16:09:01.371: EZVPN(DI-FTW): Tunnel UP! Letting user know about it
    *Aug 28 16:09:01.371: EZVPN(DI-FTW): New State: IPSEC_ACTIVE
    *Aug 28 16:09:01.391: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:01.391: EZVPN(DI-FTW): Event: MTU_CHANGED
    *Aug 28 16:09:01.391: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:01.391: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:01.391: EZVPN(DI-FTW): Event: SOCKET_UP
    *Aug 28 16:09:01.391: ezvpn_socket_up
    *Aug 28 16:09:01.391: EZVPN(DI-FTW): Tunnel UP! Letting user know about it
    *Aug 28 16:09:01.391: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:01.407: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:01.407: EZVPN(DI-FTW): Event: MTU_CHANGED
    *Aug 28 16:09:01.407: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:01.407: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:01.407: EZVPN(DI-FTW): Event: SOCKET_UP
    *Aug 28 16:09:01.407: ezvpn_socket_up
    *Aug 28 16:09:01.407: EZVPN(DI-FTW): Tunnel UP! Letting user know about it
    *Aug 28 16:09:01.407: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:01.431: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:01.431: EZVPN(DI-FTW): Event: MTU_CHANGED
    *Aug 28 16:09:01.431: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:01.431: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:01.431: EZVPN(DI-FTW): Event: SOCKET_UP
    *Aug 28 16:09:01.431: ezvpn_socket_up
    *Aug 28 16:09:01.435: EZVPN(DI-FTW): Tunnel UP! Letting user know about it
    *Aug 28 16:09:01.435: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:02.143: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:02.143: EZVPN(DI-FTW): Event: SOCKET_DOWN
    *Aug 28 16:09:02.143: EZVPN: ezvpn_socket_down
    *Aug 28 16:09:02.143: EZVPN: Current peer down is x.x.x.x
    *Aug 28 16:09:02.143: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Event: SOCKET_DOWN
    *Aug 28 16:09:02.151: EZVPN: ezvpn_socket_down
    *Aug 28 16:09:02.151: EZVPN: Current peer down is x.x.x.x
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Event: SOCKET_DOWN
    *Aug 28 16:09:02.151: EZVPN: ezvpn_socket_down
    *Aug 28 16:09:02.151: EZVPN: Current peer down is x.x.x.x
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Event: SOCKET_DOWN
    *Aug 28 16:09:02.151: EZVPN: ezvpn_socket_down
    *Aug 28 16:09:02.151: EZVPN: Current peer down is x.x.x.x
    *Aug 28 16:09:02.151: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=XXXX Group=IOSClient Server_public_addr=x.x.x.x
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): No state change
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Current State: IPSEC_ACTIVE
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Event: CONN_DOWN
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): New active peer is x.x.x.x
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): Ready to connect to peer x.x.x.x
    *Aug 28 16:09:02.151: EZVPN(DI-FTW): ezvpn_close CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF CB19182D 5B3BF259 E6204325 987A05BF
    *Aug 28 16:09:02.163: EZVPN(DI-FTW): Deleted PSK for address x.x.x.x

    *Aug 28 16:09:02.163: EZVPN(DI-FTW): ezvpn_reset
    *Aug 28 16:09:02.167: EZVPN(DI-FTW): New State: CONNECT_REQUIRED
    , Aug 29, 2006
    #1
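
Added example (not part of the original posts): a small Python parser for the EZVPN debug output above that extracts the state sequence and measures how long each session stayed up. The sample lines are taken from the post with wrapped lines joined and trimmed; the year is an assumption, since the debug timestamps carry none.

```python
import re
from datetime import datetime

# Lines taken from the debug output in the post above (wrapped lines joined, trimmed).
SAMPLE = """\
*Aug 28 16:08:57.163: EZVPN(DI-FTW): New State: READY
*Aug 28 16:08:58.951: EZVPN(DI-FTW): New State: XAUTH_REQ
*Aug 28 16:08:58.951: EZVPN(DI-FTW): New State: XAUTH_REPLIED
*Aug 28 16:08:59.935: EZVPN(DI-FTW): New State: READY
*Aug 28 16:09:00.639: EZVPN(DI-FTW): New State: SS_OPEN
*Aug 28 16:09:01.367: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client) User=XXXX Group=IOSClient Server_public_addr=x.x.x.x
*Aug 28 16:09:01.371: EZVPN(DI-FTW): New State: IPSEC_ACTIVE
*Aug 28 16:09:02.143: EZVPN(DI-FTW): Event: SOCKET_DOWN
*Aug 28 16:09:02.151: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=XXXX Group=IOSClient Server_public_addr=x.x.x.x
*Aug 28 16:09:02.167: EZVPN(DI-FTW): New State: CONNECT_REQUIRED
"""

STAMP = re.compile(r"^\*(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): (.*)$")
STATE = re.compile(r"EZVPN\([^)]+\): New State: (\w+)")
CONN = re.compile(r"%CRYPTO-6-EZVPN_CONNECTION_(UP|DOWN):")

def parse(text, year=2006):
    """Return (states, conn): ordered 'New State' names and (time, 'UP'/'DOWN') pairs.
    The debug timestamps carry no year, so `year` is an assumption."""
    states, conn = [], []
    for raw in text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue  # continuation of a wrapped line, or unrelated output
        stamp = " ".join(m.group(1).split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S.%f")
        if s := STATE.search(m.group(2)):
            states.append(s.group(1))
        elif c := CONN.search(m.group(2)):
            conn.append((ts, c.group(1)))
    return states, conn

def find_flaps(conn, max_uptime=5.0):
    """Uptime in seconds of every session that went DOWN within max_uptime of UP."""
    flaps, up_at = [], None
    for ts, kind in conn:
        if kind == "UP":
            up_at = ts
        elif up_at is not None:
            uptime = (ts - up_at).total_seconds()
            if uptime <= max_uptime:
                flaps.append(round(uptime, 3))
            up_at = None
    return flaps

if __name__ == "__main__":
    states, conn = parse(SAMPLE)
    print("states:", " -> ".join(states))
    print("short-lived sessions (s):", find_flaps(conn))
```

On the posted output this shows the client reaching IPSEC_ACTIVE after XAUTH succeeded and the connection going down 0.784 s later, which places the failure after tunnel establishment rather than in authentication.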

  2. Guest

    Fixed it. Had to remove the ezvpn config from the interfaces then
    re-add it. Must be a bug in the ezvpn code. I'm sure a reboot would
    have taken care of it too.
    , Aug 29, 2006
    #2

  3. AN Guest

    Try removing the crypto and adding it back on next time.


    <> wrote in message
    news:...
    > Fixed it. Had to remove the ezvpn config from the interfaces then
    > re-add it. Must be a bug in the ezvpn code. I'm sure a reboot would
    > have taken care of it too.
    >
    AN, Sep 2, 2006
    #3
  4. Guest

    AN wrote:
    > Try removing the crypto and adding it back on next time.
    >
    >
    > <> wrote in message
    > news:...
    > > Fixed it. Had to remove the ezvpn config from the interfaces then
    > > re-add it. Must be a bug in the ezvpn code. I'm sure a reboot would
    > > have taken care of it too.


    Thanks for the update. It is easy to forget that
    the config process can go awry since it is usually
    robust.
    , Sep 2, 2006
    #4