Vpn Tunnel Error between ASA-5510 and Nortel CES2700D

hai_nit2 · ‎03-12-2007

Hello,

actually the problem is the tunnel is showing up but the trafic is not going thru tunnel. and when I do "debug crypto isakmp " then its showing error " Information exchange proccesing error " . I am attaching ASA Configuration and error.

please look in to my matter.

Thanks ,

Nitin

ggilbert · ‎03-12-2007

Hi Nitin,

Thanks for attaching the configuration -

Taking a look at the crypto ACL "outside_20_cryptomap", you have two statements.

From the symptoms you are saying, it maybe that your NAT exemption might not be configured properly.

Looking at the Nat exemption ACL "inside_nat0_outbound" it does seem like you do not have the proper entry.

Please make sure that your encryption ACL entries are the exact replica of your NAT exemption entries.

In your case, your NAT exemption entry should be

access-list inside_nat0_outbound extended permit ip host X.X.X.131 host 169.10.33.58

access-list inside_nat0_outbound extended permit icmp host X.X.X.131 host 169.10.33.58

Let me know. Otherwise we might have to get some extensive debugging to figure out the issue.

Rate this post, if it helps.

Thanks

Gilbert

hai_nit2 · ‎03-13-2007

Hi Gilbert,

Thanks,your suggesion is very helpfull for me..and now the data is going thru.

Thaks alot,

Nitin

mauro.s.cartas · ‎12-03-2007

edited..