Site-to-Site VPN from a C7613 - VPN engine not triggered

Unanswered Question
Oct 13th, 2007

Hi !

I am trying to setup a site-to-site VPN from a C7613 (122-33.SRB1.bin) to another Cisco device -

using the following commands.

I am sending traffic (which is configured in the ACL) - but no VPN is triggered.

I got failures like " No peer struct to get peer description"

I can not even see traffic to the VPN-Peer Address (monitor port on the physical interface).

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key ********** address

crypto isakmp keepalive 3600



crypto ipsec transform-set SET1 esp-3des esp-sha-hmac


crypto map MAP1 10 ipsec-isakmp

set peer

set transform-set SET1

match address 101

MAP1 is bound to a VLAN Interface (crypto map MAP1)

Could you please help me ???



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cogden Tue, 06/10/2008 - 10:05

I have just encountered the same issue.

How did you resolve yours?

I think it's something to do with ACLs, but I cannot figure it out at the moment!

Any clues?


cogden Tue, 06/10/2008 - 11:31

I figured out the problem.

I needed to generate valid interesting traffic, and since there was a transit network from the router to the core switch stack, I needed to telnet to the core switch and ping the remote network with a valid source interface. e.g. ping source vlan1

Then the VPN tunnel came up!



This Discussion