RE: Ezay VPN error from CCIE on 2009-11-11 (Ccielab archives 11/2009)

From: CCIE <ccie_at_axizo.com>
Date: Wed, 11 Nov 2009 12:13:32 +0200

access-list nat0 extended permit ip 172.16.0.0 255.240.0.0 10.1.1.0
255.255.255.0
access-list nat0 extended permit ip 172.16.0.0 255.240.0.0 10.10.0.0
255.255.0.0
access-list branches-vpn-splitTunnelAcl standard permit 172.16.0.0
255.240.0.0

ip local pool MYPOOL 10.1.1.1-10.1.1.254

nat (inside) 0 access-list nat0

group-policy branches-vpn internal
group-policy branches-vpn attributes
vpn-session-timeout none
password-storage enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value branches-vpn-splitTunnelAcl
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
nem enable

username mne-vpn password cisco
username mne-vpn attributes
vpn-group-policy branches-vpn

crypto ipsec transform-set AAADES esp-des esp-md5-hmac
crypto ipsec df-bit clear-df outside
crypto dynamic-map DYNOMAP 10 set transform-set AAADES
crypto map VPNPEER 20 ipsec-isakmp dynamic DYNOMAP
crypto map VPNPEER interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 3600

tunnel-group DefaultL2LGroup ipsec-attributes
isakmp keepalive threshold 60
tunnel-group DefaultRAGroup ipsec-attributes
isakmp keepalive threshold 10
tunnel-group branches-vpn type ipsec-ra
tunnel-group branches-vpn general-attributes
address-pool MYPOOL
default-group-policy branches-vpn
tunnel-group branches-vpn ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 10

-----Original Message-----
From: Ryan West [mailto:rwest_at_zyedge.com]
Sent: Tuesday, November 10, 2009 3:16 PM
To: CCIE
Cc: ccielab_at_groupstudy.com
Subject: Re: Ezay VPN error

Code versions please.

Sent from handheld.

On Nov 10, 2009, at 3:57 AM, "CCIE" <ccie_at_axizo.com> wrote:

> Hi experts,
>
> I am connecting Cisco 837 as a VPN client to an ASA, after a while of
> operation the client disconnect from the ASA side, then I must do
> clear
> crypto ipsec sa to reestablish the connect.
>
> Any advice or help about that?
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4591 (20091110) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4594 (20091111) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

Blogs and organic groups at http://www.ccie.net
Received on Wed Nov 11 2009 - 12:13:32 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART