VPN between cisco 857 and ASA 5510 failing!!

Unanswered Question
Nov 29th, 2007
User Badges:

The VPN isn't coming up. I configured the ASA manually and used the SDM for the router, hence the poor naming in my config.


The ASA protects 191.1.1.0/24 and the router protects 192.168.1.0/24


Any help would be great as this is wrecking my head. The remote access vpns work fine to the ASA and have removed some from the config.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
kevin.jones1 Thu, 11/29/2007 - 14:23
User Badges:

do this:

no crypto map VPN 1 ipsec-isakmp dynamic dyn1

crypto map VPN 65535 ipsec-isakmp dynamic dyn1


You have to make the dynamic with the largest

crypto map sequence number. Cisco doesn't

enforce it in version 6.x but they decide to do

this in version 7.x

kinskins01 Mon, 12/03/2007 - 09:41
User Badges:

hi i tried this and still no joy. I'm going to clear off all the crypto configs and see what happens when I re-configure

ajagadee Mon, 12/03/2007 - 10:54
User Badges:
  • Cisco Employee,

Before you clear the configs, can you run "deb cry is" and "deb cry ipsec", try to bring up the tunnel and capture the debug outputs and post it in the forum.


Regards,

Arul

ccbootcamp Mon, 12/03/2007 - 13:25
User Badges:
  • Gold, 750 points or more

first thing i see, is that you are missing a transform set on your ASA:


crypto map VPN 3 match address SITE-VPN


you're using it, but it's not defined. moving the dynamic statement to the end is definitely good practice as well.


-brad

www.ccbootcamp.com

(please rate the post if this helps!)


kinskins01 Mon, 12/10/2007 - 11:01
User Badges:

HI All,


thanks for your comments but there was a problem with the router config. Once I ran the wizard again it brought the tunnel up

Actions

This Discussion