05-29-2007 02:35 AM
Hi,
I am trying to set up a site-to-site VPN. My end is a PIX & the other end is a VPN concentrator,
but it seems that the 2nd phase (Quick Mode) is not coming up.
I have uploaded the debug; can someone please analyze it & let me know the cause of the problem?
Thanks in advance!
05-29-2007 04:30 AM
Hi,
From the log, I suspect that the IPsec transform-set is not matching between the VPN end-points.
Can you please confirm it?
--Jaffer
05-29-2007 05:07 AM
Hi Jaffer,
Below is the relevant config. I believe everything is alright in the configuration; can you confirm?
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list Test permit icmp any any
access-list ICMP permit icmp any any
access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.212.213.145
ip address outside a.b.c.d 255.255.255.248
ip address inside 192.168.0.4 255.255.255.0
nat (inside) 0 access-list 101
access-group Test in interface outside
sysopt connection permit-ipsec
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 ipsec-isakmp
crypto map ingmex 10 match address 101
crypto map ingmex 10 set peer w.x.y.z
crypto map ingmex 10 set transform-set ing
crypto map ingmex interface outside
isakmp enable outside
isakmp key XXXXXX address w.x.y.z netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
Thanks!
05-29-2007 05:15 AM
Can you send the logs from the concentrator?
Set the severities to 1-13 for IKE, IKEDBG, IPSEC and IPSECDBG. Try to establish the tunnel and send me the logs from the concentrator.
Cheers
gilbert
05-29-2007 05:17 AM
From the logs, we are trying to bring up phase 2 but we received a delete from the concentrator side.
05-29-2007 05:22 AM
Ok Thanks!
After a few hours, I have a concall with the client.
Right now I cannot get the logs & config of their Concentrator, but surely I will put forward these questions.
Thanks for all your help!
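Added example, not part of the original thread or any poster's words: a Python script that pulls the Phase 2 (Quick Mode) settings out of the PIX lines posted above and compares them with a peer's settings, which is the comparison the replies ask for. The names `phase2_params`, `mismatches` and `PEER` are hypothetical, and the peer values are constructed because the concentrator's configuration is not in the thread.

```python
# Phase 2 lines copied from the PIX configuration posted in this thread.
PIX_CONFIG = """\
access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.212.213.145
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 match address 101
crypto map ingmex 10 set transform-set ing
"""

def _addr(tok):  # consume one address spec: 'host A', 'any' or 'NET MASK'
    if tok[0] == "host":
        return (tok[1], "255.255.255.255"), tok[2:]
    if tok[0] == "any":
        return ("0.0.0.0", "0.0.0.0"), tok[1:]
    return (tok[0], tok[1]), tok[2:]

def phase2_params(config, map_name, seq):
    """Collect what one crypto map entry offers in Quick Mode."""
    tsets, acls, entry = {}, {}, {"pfs": None}
    prefix = f"crypto map {map_name} {seq} "
    for line in config.splitlines():
        tok = line.split()
        if line.startswith("crypto ipsec transform-set "):
            tsets[tok[3]] = frozenset(tok[4:])
        elif line.startswith("access-list ") and tok[2] == "permit":
            src, rest = _addr(tok[4:])
            dst, _ = _addr(rest)
            acls.setdefault(tok[1], []).append((tok[3], src, dst))
        elif line.startswith(prefix + "match address "):
            entry["acl"] = tok[-1]
        elif line.startswith(prefix + "set transform-set "):
            entry["tset"] = tok[-1]
        elif line.startswith(prefix + "set pfs"):
            entry["pfs"] = "group1" if tok[-1] == "pfs" else tok[-1]
    return {"transforms": tsets.get(entry.get("tset"), frozenset()),
            "pfs": entry["pfs"], "proxy_ids": acls.get(entry.get("acl"), [])}

def mismatches(local, peer):
    """Name each Phase 2 setting that differs; peer selectors must mirror ours."""
    diffs = [k for k in ("transforms", "pfs") if local[k] != peer[k]]
    mirrored = sorted((p, dst, src) for p, src, dst in local["proxy_ids"])
    if mirrored != sorted(peer["proxy_ids"]):
        diffs.append("proxy_ids")
    return diffs

# Constructed peer values (hypothetical: the concentrator's settings are not in the thread).
PEER = {"transforms": frozenset({"esp-3des", "esp-sha-hmac"}), "pfs": None,
        "proxy_ids": [("ip", ("10.212.213.145", "255.255.255.255"),
                       ("192.168.0.0", "255.255.255.0"))]}
print(mismatches(phase2_params(PIX_CONFIG, "ingmex", "10"), PEER))
```

With the constructed peer values the script reports `transforms` only, because the peer's hash differs while PFS and the mirrored traffic selectors agree.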