Site to site VPN no connectivity

adminiseos · ‎06-26-2007

Hi all,

I've got a 1801 on which are already connected 2 site to site VPNs. They all work fine.

My problem is that I want to add a 3rd one, with exactley the same configuration (same IPSEC policy) and this one can't get up!!

When I paste onto this 3rd router the config of the 2nd one, it works fine.

When I run the debugging test with SDM, the following message appears:

"The peer xxx.xxx.xxx.xxx is responding but the VPN tunnel in not established. IPSec policies of this router are not matching with the IPSec policies of the peer device." Although the policies are exactly the same.

Any idea? If you need more info like my routers conf, let me know...

Thanks a lot in advance,

Mat

timkaye · ‎06-26-2007

I've encountered something similar.

I had a vpn between pix A and B. I then had another pix C, connect to B.

The vpn would come up and I could see all the right associations. I was required to change the order of my crypto maps. Mkaing the non working one first and the others higher values.

The issue i guess it highlighted as an overlap in the SA's. Where possible try to be as specific with the source and destination subnets.

I also have found that in some cases, on a pix, i was required to create a crypto map for each network (or line in an acl) as it wouldn't work otherwise.

Hopefully this might help.