
EZ Vpn phase 1 not completing. Stuck in AG_INIT_EXCH
I've been scratching my head on this one but it might be a breeze for some of you guys. Can't get phase 1 to complete. Anyone have an idea why based on the debugs?
Client Debug log is:
https://dl.dropboxusercontent.com/u/20591613/CLIENT.txt
Server debug log is:
https://dl.dropboxusercontent.com/u/20591613/SERVER.txt
Comments
Hi,
Looks like a Phase1 policy mismatch, have you used DH group2 on client side? Would be great if you can post your configs.
Regards,
Cristian.
Thanks for the prompt reply. Yes I am using Group 2. Here you go
Client: https://dl.dropboxusercontent.com/u/20591613/client config.txt
Server: https://dl.dropboxusercontent.com/u/20591613/Server config.txt
Hi,
Your configuration is not complete, for example extended authentication configuration is missing on the server? Plus, try adding ISAKMP policies manually on the client, instead of using the smart defaults. Do you have access to the Technologies Workbook? You have very detailed examples over there.
Regards,
Cristian.
Hi Chris, yes I have access to the workbooks. I actually built my config off that but it seems I missed something. A few questions.
By "extended authentication configuration" you mean AAA? My assumption was that this was only necessary for client mode and not NEM and NEM+
Also I did not know I could add the policies manually on the client. I have added it now and it's still the same, so I guess it's the xauth I'm missing. Can you please explain the config you say I'm missing? Also, which section has the defaults in the workbook?
This? "IKEv1 IOS EzVPN Remote in NEM Plus Mode with PSK"?
Hi,
EzVPN requires XAUTH, regardless of the client type (software or hardware), so yes that should be your problem. Yes, look at the NEM and NEM Plus mode tasks.
Regards,
Cristian.
Ok, so that was helpful. I was definitely missing xauth. Reading more now. Thanks a lot.