L2L VPN not establishing.

jaffer_sathik2010 Tue, 05/29/2007 - 04:30

Hi,

From the log, I suspect that the IPsec transform-set is not matching between the VPN end-points.

Can you please confirm it?

--Jaffer

Hi Jaffer,

Below is the relevant config. I believe everything is alright in the configuration; can you confirm?

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list Test permit icmp any any
access-list ICMP permit icmp any any
access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.212.213.145
ip address outside a.b.c.d 255.255.255.248
ip address inside 192.168.0.4 255.255.255.0
nat (inside) 0 access-list 101
access-group Test in interface outside
sysopt connection permit-ipsec
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 ipsec-isakmp
crypto map ingmex 10 match address 101
crypto map ingmex 10 set peer w.x.y.z
crypto map ingmex 10 set transform-set ing
crypto map ingmex interface outside
isakmp enable outside
isakmp key XXXXXX address w.x.y.z netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

Thanks!

ggilbert Tue, 05/29/2007 - 05:15

Can you go send the logs from the concentrator?

Set the severities to 1-13 for IKE, IKEDBG, IPSEC and IPSECDBG. Try to establish the tunnel and send me the logs from the concentrator.

Cheers

gilbert

ggilbert Tue, 05/29/2007 - 05:17

From the logs, we are trying to bring up phase 2 but we received a delete from the concentrator side.
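An added example, not part of any post in this thread: one way to check the suspected phase 2 mismatch is to pull the IKE policy, transform-set and crypto ACL out of the posted PIX config and compare them with the far end. The `PEER` values are hypothetical (the concentrator's settings are not shown in the thread), and the function names are this example's own.

```python
import re
# Constructed input: crypto lines from the PIX config posted in the thread (lifetime omitted).
PIX_CONFIG = """\
access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.212.213.145
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 match address 101
crypto map ingmex 10 set transform-set ing
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
"""
# Hypothetical peer settings (not from the thread), transcribed by hand from the far end.
PEER = {"phase1": {"authentication": "pre-share", "encryption": "3des", "hash": "md5", "group": "2"},
        "transforms": {"esp-3des", "esp-sha-hmac"},
        "local": ("10.212.213.145", "255.255.255.255"), "remote": ("192.168.0.0", "255.255.255.0")}

def _find(pattern, config):
    m = re.search(pattern, config, re.M)
    if m is None:
        raise ValueError(f"missing config line matching: {pattern}")
    return m.group(1)

def _endpoint(t):
    """Consume 'host A' or 'NET MASK' from an ACL token list; return (endpoint, remaining tokens)."""
    return ((t[1], "255.255.255.255"), t[2:]) if t[0] == "host" else ((t[0], t[1]), t[2:])

def parse_pix(config, crypto_map, seq, policy):
    """Return the IKE policy and the IPsec proposal bound to one crypto map entry."""
    prefix = rf"^crypto map {re.escape(crypto_map)} {seq} "
    ts = _find(prefix + r"set transform-set (\S+)\s*$", config)
    acl = _find(prefix + r"match address (\S+)\s*$", config)
    ace = _find(rf"^access-list {re.escape(acl)} permit ip (.+)$", config).split()
    local, rest = _endpoint(ace)
    remote, _ = _endpoint(rest)
    return {"phase1": dict(re.findall(rf"^isakmp policy {policy} (\S+) (\S+)\s*$", config, re.M)),
            "transforms": set(_find(rf"^crypto ipsec transform-set {re.escape(ts)} (.+)$", config).split()),
            "local": local, "remote": remote}

def mismatches(mine, peer):
    """List every compared parameter on which the two ends disagree."""
    out = [f"phase1 {k}: {v} != {peer['phase1'].get(k)}"
           for k, v in sorted(mine["phase1"].items()) if peer["phase1"].get(k) != v]
    if mine["transforms"] != peer["transforms"]:
        out.append(f"phase2 transforms: {sorted(mine['transforms'])} != {sorted(peer['transforms'])}")
    # Proxy identities must mirror: my local network is the peer's remote, and vice versa.
    if (mine["local"], mine["remote"]) != (peer["remote"], peer["local"]):
        out.append("phase2 proxy identities are not mirror images")
    return out
```

Calling `mismatches(parse_pix(PIX_CONFIG, "ingmex", 10, 10), PEER)` with the hypothetical peer above reports only the transform-set difference, since phase 1 and the mirrored crypto ACL agree.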
