L2L VPN not establishing.

jaffer_sathik2010 Tue, 05/29/2007 - 04:30


From the log, I suspect that the IPsec transform-set is not matching between the VPN endpoints.

Can you please confirm it?


Hi Jaffer,

Below is the relevant config. I believe everything is all right in the configuration; can you confirm?

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list Test permit icmp any any
access-list ICMP permit icmp any any
access-list 101 permit ip host
ip address outside a.b.c.d
ip address inside
nat (inside) 0 access-list 101
access-group Test in interface outside
sysopt connection permit-ipsec
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 ipsec-isakmp
crypto map ingmex 10 match address 101
crypto map ingmex 10 set peer w.x.y.z
crypto map ingmex 10 set transform-set ing
crypto map ingmex interface outside
isakmp enable outside
isakmp key XXXXXX address w.x.y.z netmask
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

Thanks!
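Added example, not part of the original thread: a Python check for the transform-set mismatch suspected above, comparing the phase 1 and phase 2 proposals in the posted PIX config against a peer's. The peer values are constructed (the concentrator's settings do not appear in the thread), and the function names and the set of attributes compared are assumptions of this example.

```python
# Phase 1 / phase 2 lines copied from the PIX config posted above.
PIX_CONFIG = """\
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 set transform-set ing
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""

# Constructed peer proposal (hypothetical; not taken from the thread).
PEER = {
    "phase1": {"authentication": "pre-share", "encryption": "3des",
               "hash": "md5", "group": "2"},
    "phase2": {"esp-3des", "esp-sha-hmac"},
}

def parse_pix(config):
    """Return ISAKMP policies and the transform sets bound to a crypto map."""
    policies, tsets, bound = {}, {}, set()
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["isakmp", "policy"] and len(words) >= 5:
            policies.setdefault(words[2], {})[words[3]] = words[4]
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            tsets[words[3]] = set(words[4:])
        elif words[:2] == ["crypto", "map"] and words[4:6] == ["set", "transform-set"]:
            bound.update(words[6:])
    return policies, {n: t for n, t in tsets.items() if n in bound}

def mismatches(config, peer):
    """List the proposal parameters on which the PIX and the peer disagree."""
    policies, tsets = parse_pix(config)
    found = []
    # Phase 1: at least one local policy must agree on every compared attribute.
    p1 = peer["phase1"]
    if not any(all(p.get(k) == v for k, v in p1.items()) for p in policies.values()):
        for num, p in policies.items():
            found += [f"phase1 policy {num} {k}: pix={p.get(k)} peer={v}"
                      for k, v in p1.items() if p.get(k) != v]
    # Phase 2: a transform set bound to the crypto map must equal the peer's.
    if peer["phase2"] not in tsets.values():
        for name, t in tsets.items():
            found.append(f"phase2 transform-set {name}: "
                         f"pix={sorted(t)} peer={sorted(peer['phase2'])}")
    return found
```

With the constructed peer above, `mismatches(PIX_CONFIG, PEER)` reports only the phase 2 hash difference, the case where phase 1 completes and the phase 2 proposal is rejected.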

ggilbert Tue, 05/29/2007 - 05:15
User Badges: Cisco Employee

Can you go send the logs from the concentrator?

Set the severities to 1-13 for IKE, IKEDBG, IPSEC and IPSECDBG. Try to establish the tunnel and send me the logs from the concentrator.



ggilbert Tue, 05/29/2007 - 05:17
User Badges: Cisco Employee

From the logs, we are trying to bring up phase 2 but we received a delete from the concentrator side.

