10-04-2007 09:32 AM
I'm getting nowhere with this VPN connection.
When monitoring a ping to the remote end I get an IKE SA state of MM_NO_STATE
My ISAKMP debug looks like this...
ISADB: reaper checking SA 0xfaea74, conn_id = 0
ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:Ford, dest:OPIX spt:500 dpt:500
return status is IKMP_NO_ERR_NO_TRANS
ISAKMP (0): deleting SA: src OPIX, dst Ford
ISADB: reaper checking SA 0xfcd824, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for Ford/500 not found - peers:1
Any thoughts?
10-05-2007 07:56 AM
Search cisco.com for 'ipsec checkpoint' and there are a couple of docs. I have followed them and been able to establish tunnels.
HTH and please rate.
10-05-2007 07:53 PM
Hi,
Based on the output posted, the configuration is incomplete or misconfigured. For example, the line "VPN Peer:ISAKMP: Peer Info for Ford/500 not found - peers:1" says that the pix is not able to find some information related to the checkpoint peer address.
If possible, Can you post the configuration from the Pix and also outputs of "deb cry is" and "deb cry ips" from the pix when you try to bring up the tunnel.
I hope it helps.
Regards,
Arul
** Please rate all helpful posts **
10-12-2007 11:58 AM
10-06-2007 12:02 AM
Hi,
Follow these steps
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800ef796.shtml
Regards,
Dandy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide