05-29-2007 02:35 AM
Hi,
I am trying to set up a site-to-site VPN. My end is a PIX & the other end is a VPN concentrator.
But it seems that 2nd phase Quick Mode is not coming up.
I have uploaded the debug; can someone please analyze it & let me know the cause of the problem?
Thanks in advance!
05-29-2007 04:30 AM
Hi,
From the log, I suspect that the IPsec transform-set is not matching between the VPN end-points.
Can you please confirm it?
--Jaffer
05-29-2007 05:07 AM
Hi Jaffer,
Below is the relevant config. I believe everything is alright in the configuration; can you confirm?
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list Test permit icmp any any
access-list ICMP permit icmp any any
access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.212.213.145
ip address outside a.b.c.d 255.255.255.248
ip address inside 192.168.0.4 255.255.255.0
nat (inside) 0 access-list 101
access-group Test in interface outside
sysopt connection permit-ipsec
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 ipsec-isakmp
crypto map ingmex 10 match address 101
crypto map ingmex 10 set peer w.x.y.z
crypto map ingmex 10 set transform-set ing
crypto map ingmex interface outside
isakmp enable outside
isakmp key XXXXXX address w.x.y.z netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
Thanks!
05-29-2007 05:15 AM
Can you go send the logs from the concentrator?
Set the severities to 1-13 for IKE, IKEDBG, IPSEC and IPSECDBG. Try to establish the tunnel and send me the logs from the concentrator.
Cheers
gilbert
05-29-2007 05:17 AM
From the logs, we are trying to bring up phase 2 but we received a delete from the concentrator side.
05-29-2007 05:22 AM
Ok Thanks!
After a few hours, I have a concall with the client.
Right now I cannot get the logs & config of their Concentrator, but surely I will put forward these questions.
Thanks for all your help!
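Added example (not part of any post in this thread): a Python sketch that pulls the phase 1 and phase 2 values out of the PIX config posted above so they can be compared line by line with the concentrator's settings. It assumes a single crypto map entry; the `PEER` values are hypothetical, since the concentrator's configuration was never posted, and `parse_pix` and `mismatches` are names chosen for this example.

```python
# Constructed sample: the IKE/IPsec lines from the PIX config posted in this thread.
PIX_CONFIG = """\
access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.212.213.145
crypto ipsec transform-set ing esp-3des esp-md5-hmac
crypto map ingmex 10 match address 101
crypto map ingmex 10 set transform-set ing
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""

def parse_pix(config):
    """Extract the phase 1 and phase 2 values to compare with the remote peer."""
    phase1, tsets, acls, refs = {}, {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["isakmp", "policy"] and len(t) >= 5:
            phase1[t[3]] = t[4]
        elif t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) >= 5:
            tsets[t[3]] = sorted(t[4:])
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            acls.setdefault(t[1], []).append(" ".join(t[4:]))
        elif t[:2] == ["crypto", "map"] and len(t) >= 7:
            refs[" ".join(t[4:6])] = t[6]  # "match address" / "set transform-set"
    # Resolve names after the loop so line order in the config does not matter.
    phase2 = {"transforms": tsets.get(refs.get("set transform-set"), []),
              "proxy_ids": acls.get(refs.get("match address"), [])}
    return {"phase1": phase1, "phase2": phase2}

def mismatches(local, peer):
    """Return (phase, parameter, local value, peer value) for each difference."""
    return [(phase, key, val, peer.get(phase, {}).get(key))
            for phase in ("phase1", "phase2")
            for key, val in local[phase].items()
            if peer.get(phase, {}).get(key) != val]

# Hypothetical peer values (the concentrator's settings were never posted),
# written from the PIX's point of view, with a different phase 2 hash.
PEER = {"phase1": {"authentication": "pre-share", "encryption": "3des",
                   "hash": "md5", "group": "2", "lifetime": "86400"},
        "phase2": {"transforms": ["esp-3des", "esp-sha-hmac"],
                   "proxy_ids": ["192.168.0.0 255.255.255.0 host 10.212.213.145"]}}

if __name__ == "__main__":
    for row in mismatches(parse_pix(PIX_CONFIG), PEER):
        print(row)
```

With the hypothetical peer above, phase 1 agrees and only the phase 2 transform-set differs, which is the pattern where Main Mode completes and Quick Mode does not come up.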