Strange VPN problem [7:73641]
hi all, I am trying to setup a easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg "Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command: Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth" Any form of input will be appreciated suaveguru __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73641&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641]
thanks for your answer , I will try and let you know the results. regards, suaveguru --- [EMAIL PROTECTED] wrote: > GURU: > XAUTH is in my perception for authentication of > users, (local) escpecially > radius or tacacs. > > So what we do at the hub site for a static IKE peer > is disable XAUTH, so > that a spoke router does not get an auth prompt, or > the hub does not wait > for it. > > So I think the HUb is waiting for an answer, maybe > used to authenticate VPN > users only. > > > > WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You > need Preshareds keys > there! > 8. > The following example shows the various policies > used in the IKE policy > named "CiscoVPNClient-3DES-MD". > In this policy, Preshared Keys(XAUTH) for > Authentication Mode is being used > so that the client will be prompted to supply a > username and password at the > end of IKE negotiations. > > http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration > _example09186a008010edf4.shtml#task2_steps > > Martijn > > > > -Oorspronkelijk bericht----- > Van: suaveguru [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 9:40 > Aan: Jansen, M > Onderwerp: RE: Strange VPN problem [7:73641] > > > thanks for your prompt reply , but I am using > easyvpn > configuration for cisco 805 router to concentrator > 3005 with the cisco 805 as client mode and > concentrator as hub . I can't find the line that you > indicate for my cisco 805 , could it be easyvpn > configuration that i am using? > > suaveguru > --- [EMAIL PROTECTED] wrote: > > Guru. > > > > Type the no-xauth behind the key-mapping. > > > > > > > > isakmp key **NEWKEYNEWCUSTO** address x.x.x.x > > netmask 255.255.255.255 > > no-xauth no-config-mode > > > > > > > > Martijn > > > > > > -Oorspronkelijk bericht- > > Van: suaveguru [mailto:[EMAIL PROTECTED] > > Verzonden: donderdag 7 augustus 2003 7:08 > > Aan: [EMAIL PROTECTED] > > Onderwerp: Strange VPN problem [7:73641] > > > > > > hi all, > > > > I am trying to setup a easy VPN solution for a > cisco > > 837 to a cisco VPN concentrator 3005 using network > > extension mode but I keep getting this error msg > > "Aug > > 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth > > Request, Please enter the following command: > > Aug 7 13:08:16.571: EZVPN: crypto ipsec client > > ezvpn > > xauth" > > > > Any form of input will be appreciated > > > > suaveguru > > > > __ > > Do you Yahoo!? > > Yahoo! SiteBuilder - Free, easy-to-use web site > > design software > > http://sitebuilder.yahoo.com > > **Please support GroupStudy by purchasing from the > > GroupStudy Store: > > http://shop.groupstudy.com > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73651&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641]
Does anyone read the manuals around here??? http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secu r_r/sec_c2g.htm#1070272 You probably have your IKE proposal in your concentrator set for XAUTH, and you don't have your router setup for that. You can configure your router as the reference manual says, or you }may{ be able to add in a new or modify an existing IKE policy under Configuration | System | Tunneling Protocols | IPSec | IKE Proposals so that the Authentication mode is not one that has (XAUTH) at the end of it. Probably "Preshared Keys" would be the one you want. If you create a new one (recommended) they you would have to change the IKE policy used for your SA under Configuration | Policy Management | Traffic Management | SAs. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 1:08 AM To: [EMAIL PROTECTED] Subject: Strange VPN problem [7:73641] hi all, I am trying to setup a easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg "Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command: Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth" Any form of input will be appreciated suaveguru __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73661&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641]
Get the latest version of CRWS (Cisco Router Web Setup) then yo can use Xauth with a nice web front end. The IOS based version is in my opinion - unusable & not for end users. Joel. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 07 August 2003 15:31 To: [EMAIL PROTECTED] Subject: RE: Strange VPN problem [7:73641] XAUTH is in my perception for authentication of users, (local) escpecially radius or tacacs. So what we do at the hub site for a static IKE peer is disable XAUTH, so that a spoke router does not get an auth prompt, or the hub does not wait for it. So I think the HUb is waiting for an answer, maybe used to authenticate VPN users only. WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshareds keys there! 8. The following example shows the various policies used in the IKE policy named "CiscoVPNClient-3DES-MD". In this policy, Preshared Keys(XAUTH) for Authentication Mode is being used so that the client will be prompted to supply a username and password at the end of IKE negotiations. http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration _example09186a008010edf4.shtml#task2_steps Martijn -Oorspronkelijk bericht- Van: suaveguru [mailto:[EMAIL PROTECTED] Verzonden: donderdag 7 augustus 2003 9:40 Aan: Jansen, M Onderwerp: RE: Strange VPN problem [7:73641] thanks for your prompt reply , but I am using easyvpn configuration for cisco 805 router to concentrator 3005 with the cisco 805 as client mode and concentrator as hub . I can't find the line that you indicate for my cisco 805 , could it be easyvpn configuration that i am using? suaveguru --- [EMAIL PROTECTED] wrote: > Guru. > > Type the no-xauth behind the key-mapping. > > > > isakmp key **NEWKEYNEWCUSTO** address x.x.x.x > netmask 255.255.255.255 > no-xauth no-config-mode > > > > Martijn > > > -Oorspronkelijk bericht- > Van: suaveguru [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 7:08 > Aan: [EMAIL PROTECTED] > Onderwerp: Strange VPN problem [7:73641] > > > hi all, > > I am trying to setup a easy VPN solution for a cisco > 837 to a cisco VPN concentrator 3005 using network > extension mode but I keep getting this error msg > "Aug > 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth > Request, Please enter the following command: > Aug 7 13:08:16.571: EZVPN: crypto ipsec client > ezvpn > xauth" > > Any form of input will be appreciated > > suaveguru > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com > **Please support GroupStudy by purchasing from the > GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html === This message has been checked for all known viruses by the Sirocom Virus Scanning Service === === This message has been checked for all known viruses by the Sirocom Virus Scanning Service WWW.SIROCOM.COM === Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73668&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641]
I have done that but now more problems crop in look at my latest mail with attatchment suaveguru --- "[EMAIL PROTECTED]" wrote: > Guru. > > Type the no-xauth behind the key-mapping. > > > > isakmp key **NEWKEYNEWCUSTO** address x.x.x.x > netmask 255.255.255.255 > no-xauth no-config-mode > > > > Martijn > > > -Oorspronkelijk bericht- > Van: suaveguru [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 7:08 > Aan: [EMAIL PROTECTED] > Onderwerp: Strange VPN problem [7:73641] > > > hi all, > > I am trying to setup a easy VPN solution for a cisco > 837 to a cisco VPN concentrator 3005 using network > extension mode but I keep getting this error msg > "Aug > 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth > Request, Please enter the following command: > Aug 7 13:08:16.571: EZVPN: crypto ipsec client > ezvpn > xauth" > > Any form of input will be appreciated > > suaveguru > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com > **Please support GroupStudy by purchasing from the > GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > **Please support GroupStudy by purchasing from the > GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73705&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641]
thanks for your reply , I will read the documentation and see if I can solve my problem --- "Reimer, Fred" wrote: > Does anyone read the manuals around here??? > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secu > r_r/sec_c2g.htm#1070272 > > You probably have your IKE proposal in your > concentrator set for XAUTH, and > you don't have your router setup for that. You can > configure your router as > the reference manual says, or you }may{ be able to > add in a new or modify an > existing IKE policy under Configuration | System | > Tunneling Protocols | > IPSec | IKE Proposals so that the Authentication > mode is not one that has > (XAUTH) at the end of it. Probably "Preshared Keys" > would be the one you > want. If you create a new one (recommended) they > you would have to change > the IKE policy used for your SA under Configuration > | Policy Management | > Traffic Management | SAs. > > Fred Reimer - CCNA > > > Eclipsys Corporation, 200 Ashford Center North, > Atlanta, GA 30338 > Phone: 404-847-5177 Cell: 770-490-3071 Pager: > 888-260-2050 > > > NOTICE; This email contains confidential or > proprietary information which > may be legally privileged. It is intended only for > the named recipient(s). > If an addressing or transmission error has > misdirected the email, please > notify the author by replying to this message. If > you are not the named > recipient, you are not authorized to use, disclose, > distribute, copy, print > or rely on this email, and should immediately delete > it from your computer. > > > -----Original Message- > From: suaveguru [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 1:08 AM > To: [EMAIL PROTECTED] > Subject: Strange VPN problem [7:73641] > > hi all, > > I am trying to setup a easy VPN solution for a cisco > 837 to a cisco VPN concentrator 3005 using network > extension mode but I keep getting this error msg > "Aug > 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth > Request, Please enter the following command: > Aug 7 13:08:16.571: EZVPN: crypto ipsec client > ezvpn > xauth" > > Any form of input will be appreciated > > suaveguru > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com > **Please support GroupStudy by purchasing from the > GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73698&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641]
XAUTH is in my perception for authentication of users, (local) escpecially radius or tacacs. So what we do at the hub site for a static IKE peer is disable XAUTH, so that a spoke router does not get an auth prompt, or the hub does not wait for it. So I think the HUb is waiting for an answer, maybe used to authenticate VPN users only. WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshareds keys there! 8. The following example shows the various policies used in the IKE policy named "CiscoVPNClient-3DES-MD". In this policy, Preshared Keys(XAUTH) for Authentication Mode is being used so that the client will be prompted to supply a username and password at the end of IKE negotiations. http://www.cisco.com/en/US/products/sw/secursw/ps2276/products_configuration _example09186a008010edf4.shtml#task2_steps Martijn -Oorspronkelijk bericht- Van: suaveguru [mailto:[EMAIL PROTECTED] Verzonden: donderdag 7 augustus 2003 9:40 Aan: Jansen, M Onderwerp: RE: Strange VPN problem [7:73641] thanks for your prompt reply , but I am using easyvpn configuration for cisco 805 router to concentrator 3005 with the cisco 805 as client mode and concentrator as hub . I can't find the line that you indicate for my cisco 805 , could it be easyvpn configuration that i am using? suaveguru --- [EMAIL PROTECTED] wrote: > Guru. > > Type the no-xauth behind the key-mapping. > > > > isakmp key **NEWKEYNEWCUSTO** address x.x.x.x > netmask 255.255.255.255 > no-xauth no-config-mode > > > > Martijn > > > -Oorspronkelijk bericht- > Van: suaveguru [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 7:08 > Aan: [EMAIL PROTECTED] > Onderwerp: Strange VPN problem [7:73641] > > > hi all, > > I am trying to setup a easy VPN solution for a cisco > 837 to a cisco VPN concentrator 3005 using network > extension mode but I keep getting this error msg > "Aug > 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth > Request, Please enter the following command: > Aug 7 13:08:16.571: EZVPN: crypto ipsec client > ezvpn > xauth" > > Any form of input will be appreciated > > suaveguru > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com > **Please support GroupStudy by purchasing from the > GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73648&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641]
Guru. Type the no-xauth behind the key-mapping. isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode Martijn -Oorspronkelijk bericht- Van: suaveguru [mailto:[EMAIL PROTECTED] Verzonden: donderdag 7 augustus 2003 7:08 Aan: [EMAIL PROTECTED] Onderwerp: Strange VPN problem [7:73641] hi all, I am trying to setup a easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg "Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command: Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth" Any form of input will be appreciated suaveguru __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73645&t=73641 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Strange VPN problem [7:73641] OT:F funny [7:73722]
I mailed that! Only your explanation is superior. ;-) When i have time, not studying for my lab, i study the English language.. Say, getting dizzy over the C&C BGP guide (that should be during my sleep though, like very wannabee, I have not seen a normal book in a while) Martijn -Oorspronkelijk bericht- Van: Reimer, Fred [mailto:[EMAIL PROTECTED] Verzonden: donderdag 7 augustus 2003 15:33 Aan: [EMAIL PROTECTED] Onderwerp: RE: Strange VPN problem [7:73641] Does anyone read the manuals around here??? http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secu r_r/sec_c2g.htm#1070272 You probably have your IKE proposal in your concentrator set for XAUTH, and you don't have your router setup for that. You can configure your router as the reference manual says, or you }may{ be able to add in a new or modify an existing IKE policy under Configuration | System | Tunneling Protocols | IPSec | IKE Proposals so that the Authentication mode is not one that has (XAUTH) at the end of it. Probably "Preshared Keys" would be the one you want. If you create a new one (recommended) they you would have to change the IKE policy used for your SA under Configuration | Policy Management | Traffic Management | SAs. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 1:08 AM To: [EMAIL PROTECTED] Subject: Strange VPN problem [7:73641] hi all, I am trying to setup a easy VPN solution for a cisco 837 to a cisco VPN concentrator 3005 using network extension mode but I keep getting this error msg "Aug 7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth Request, Please enter the following command: Aug 7 13:08:16.571: EZVPN: crypto ipsec client ezvpn xauth" Any form of input will be appreciated suaveguru __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73722&t=73722 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html