RE: proxy identities not supported

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Tue, 3 Jan 2012 10:51:38 +0000

Post your configs... I suspect you misconfigured ezvpn.

At a basic level here is a server and client config I use every day that works great.

Server:

aaa authentication login default local line
aaa authentication login ezvpnuserlist local
aaa authorization network ezvpnusergroup local
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp invalid-spi-recovery
!
crypto isakmp client configuration group vpngwtogw
 key newkeynow00
 acl split_tunnel_acl
 save-password
 max-users 10

crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set default esp-aes esp-sha-hmac
!
crypto identity ad
!
crypto dynamic-map dyntemplate 1
 set transform-set default
 reverse-route
!
!
crypto map secure client authentication list ezvpnuserlist
crypto map secure isakmp authorization list ezvpnusergroup
crypto map secure client configuration address respond
crypto map secure 65535 ipsec-isakmp dynamic dyntemplate

ip access-list extended split_tunnel_acl
 permit ip 10.10.200.0 0.0.0.255 any

interface GigabitEthernet0/0
 description outside
 ip address 74.19.14.210 255.255.255.224
 crypto map secure

Client:

crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
!
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
!
!
!
crypto ipsec client ezvpn vpngwtogw
 connect auto
 group vpngwtogw key newkeynow00
 mode network-extension
 peer 90.19.14.210
 username admin password nonegiven
 xauth userid mode local
!
!
crypto identity ad
!
interface FastEthernet0
 description outside
 ip address dhcp
 crypto ipsec client ezvpn vpngwtogw

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of amin
Sent: Tuesday, January 03, 2012 5:34 AM
To: ccielab_at_groupstudy.com
Subject: proxy identities not supported

Hi experts,

 

I am configuring Easy VPN between two Cisco routers. On the server I always get this error message: "proxy identities not supported". The Cisco website says that the two access lists need to mirror each other on each side, but in my case it is Easy VPN, which means no access list configuration on the client side.

Any hints about this issue?

 

Regards,

Amin

Received on Tue Jan 03 2012 - 10:51:38 ART
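
A consistency check for an Easy VPN server/client config pair like the one in the reply above, as an added example that is not part of the original thread: it compares the ISAKMP policies, the group name and key, and the client's peer address against the server's crypto-map interface. The sample configs, the placeholder key and addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (placeholder key, documentation-range addresses).
POLICY = "crypto isakmp policy 10\n encr aes\n authentication pre-share\n group 2\n"
SERVER = POLICY + """\
crypto isakmp client configuration group vpngwtogw
 key EXAMPLE-KEY
interface GigabitEthernet0/0
 ip address 192.0.2.10 255.255.255.224
 crypto map secure
"""
CLIENT = POLICY + """\
crypto ipsec client ezvpn vpngwtogw
 group vpngwtogw key EXAMPLE-KEY
 peer 192.0.2.10
"""

def sections(cfg):
    """Map each top-level IOS command to its indented sub-commands."""
    out, cur = {}, []
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace():
            cur.append(line.strip())
        else:
            cur = out.setdefault(line.strip(), [])
    return out

def policies(sec):
    # Policies are compared as written; implicit IOS defaults are not expanded.
    return {frozenset(v) for k, v in sec.items() if k.startswith("crypto isakmp policy")}

def check(server_cfg, client_cfg):
    """Return a list of server/client mismatches (empty list = consistent)."""
    s, c, problems = sections(server_cfg), sections(client_cfg), []
    if not policies(s) & policies(c):
        problems.append("no common ISAKMP policy")
    groups = {k.split()[-1]: v for k, v in s.items()
              if k.startswith("crypto isakmp client configuration group")}
    addrs = {x.split()[2] for v in s.values() if any(y.startswith("crypto map ") for y in v)
             for x in v if x.startswith("ip address ")}
    for v in (v for k, v in c.items() if k.startswith("crypto ipsec client ezvpn")):
        for x in v:
            if (m := re.match(r"group (\S+) key (\S+)", x)) and f"key {m[2]}" not in groups.get(m[1], []):
                problems.append(f"group/key mismatch for {m[1]}")
            if (m := re.match(r"peer (\S+)", x)) and m[1] not in addrs:
                problems.append(f"peer {m[1]} is not a crypto-map interface on the server")
    return problems
```

The parser expects sub-commands to be indented as in `show running-config` output, and it compares keys as plain text, so encrypted key forms are not matched.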
