01-11-2008 09:32 AM - edited 02-21-2020 03:28 PM
I am trying to configure a VPN to a partner company with a watchguard firewall.
I am running a 5540 ASA version 7.2.
It's a pre-shared key config, and passes phase 1. I don't get any debug entries after that and no errors.
A show crypto isakmp sa gives the following:
19 IKE Peer: 64.xxx.xxx.xxx
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
But a show crypto ipsec doesn't have it listed anywhere.
My crypo config is as follows:
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 100 match address outside_xxxxx_cryptomap
crypto map outside_map 100 set peer 64.xxx.xxx.xxx
crypto map outside_map 100 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp nat-traversal 20
My tunnel config is as follows:
tunnel-group 64.xxx.xxx.xxx type ipsec-l2l
tunnel-group 64.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
peer-id-validate nocheck
isakmp keepalive disable
01-17-2008 09:29 AM
Clear the SA using command "clear crypto isakmp sa" and re enter the pre shared keys. If this does not works remove and re-apply crypto maps. Following link may help you
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
01-17-2008 11:46 AM
Can you post the "deb cry is" and "deb cry ipsec" when you try and bring up the tunnel.
Regards,
Arul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide