VPN between cisco 857 and ASA 5510 failing!!

kinskins01 · ‎11-29-2007

The VPN isn't coming up. I configured the ASA manually and used the SDM for the router, hence the poor naming in my config.

The ASA protects 191.1.1.0/24 and the router protects 192.168.1.0/24

Any help would be great as this is wrecking my head. The remote access vpns work fine to the ASA and have removed some from the config.

kevin.jones1 · ‎11-29-2007

do this:

no crypto map VPN 1 ipsec-isakmp dynamic dyn1

crypto map VPN 65535 ipsec-isakmp dynamic dyn1

You have to make the dynamic with the largest

crypto map sequence number. Cisco doesn't

enforce it in version 6.x but they decide to do

this in version 7.x

kinskins01 · ‎12-03-2007

hi i tried this and still no joy. I'm going to clear off all the crypto configs and see what happens when I re-configure

ajagadee · ‎12-03-2007

Before you clear the configs, can you run "deb cry is" and "deb cry ipsec", try to bring up the tunnel and capture the debug outputs and post it in the forum.

Regards,

Arul

ccbootcamp · ‎12-03-2007

first thing i see, is that you are missing a transform set on your ASA:

crypto map VPN 3 match address SITE-VPN

you're using it, but it's not defined. moving the dynamic statement to the end is definitely good practice as well.

-brad

www.ccbootcamp.com

(please rate the post if this helps!)

kinskins01 · ‎12-10-2007

HI All,

thanks for your comments but there was a problem with the router config. Once I ran the wizard again it brought the tunnel up