Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
0
Helpful
2
Replies

Site-to-Site VPN from a C7613 - VPN engine not triggered

schimeha1977
Level 1
Level 1

‎10-13-2007 12:10 AM

Hi !

I am trying to setup a site-to-site VPN from a C7613 (122-33.SRB1.bin) to another Cisco device -

using the following commands.

I am sending traffic (which is configured in the ACL) - but no VPN is triggered.

I got failures like " No peer struct to get peer description"

I can not even see traffic to the VPN-Peer Address (monitor port on the physical interface).

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key ********** address xxx.xxx.xxx.xxx

crypto isakmp keepalive 3600

!

!

crypto ipsec transform-set SET1 esp-3des esp-sha-hmac

!

crypto map MAP1 10 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set SET1

match address 101

MAP1 is bound to a VLAN Interface (crypto map MAP1)

Could you please help me ???

thx

hans

Labels:
0 Helpful
2 Replies 2

cogden
Level 1
Level 1

‎06-10-2008 10:05 AM

I have just encountered the same issue.

How did you resolve yours?

I think it's something to do with ACLs, but I cannot figure it out at the moment!

Any clues?

Chris

0 Helpful

cogden
Level 1
Level 1
In response to cogden

‎06-10-2008 11:31 AM

I figured out the problem.

I needed to generate valid interesting traffic, and since there was a transit network from the router to the core switch stack, I needed to telnet to the core switch and ping the remote network with a valid source interface. e.g. ping 10.202.1.1 source vlan1

Then the VPN tunnel came up!

Chris

0 Helpful
Customers Also Viewed These Support Documents