VPN between cisco 857 and ASA 5510 failing!!

Unanswered Question
Nov 29th, 2007

The VPN isn't coming up. I configured the ASA manually and used the SDM for the router, hence the poor naming in my config.

The ASA protects 191.1.1.0/24 and the router protects 192.168.1.0/24

Any help would be great as this is wrecking my head. The remote access vpns work fine to the ASA and have removed some from the config.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
kevin.jones1 Thu, 11/29/2007 - 14:23

do this:

no crypto map VPN 1 ipsec-isakmp dynamic dyn1

crypto map VPN 65535 ipsec-isakmp dynamic dyn1

You have to make the dynamic with the largest

crypto map sequence number. Cisco doesn't

enforce it in version 6.x but they decide to do

this in version 7.x

kinskins01 Mon, 12/03/2007 - 09:41

hi i tried this and still no joy. I'm going to clear off all the crypto configs and see what happens when I re-configure

ajagadee Mon, 12/03/2007 - 10:54

Before you clear the configs, can you run "deb cry is" and "deb cry ipsec", try to bring up the tunnel and capture the debug outputs and post it in the forum.

Regards,

Arul

ccbootcamp Mon, 12/03/2007 - 13:25

first thing i see, is that you are missing a transform set on your ASA:

crypto map VPN 3 match address SITE-VPN

you're using it, but it's not defined. moving the dynamic statement to the end is definitely good practice as well.

-brad

www.ccbootcamp.com

(please rate the post if this helps!)

kinskins01 Mon, 12/10/2007 - 11:01

HI All,

thanks for your comments but there was a problem with the router config. Once I ran the wizard again it brought the tunnel up

Actions

This Discussion