vpn site-to-stie w/wpn clients

Unanswered Question
Jan 25th, 2008

I inherited an issue with a site-to-site vpn connection. It's looks like below w/nat being done on r1 for the pix. The vpn clients can connect but the site-to-site won't come up. To compound the issue R1 has two internet connections so policy routing is being used. Any assistance would be greatly appreciated.


I've attached pix, router, and isakmp debug.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ajagadee Fri, 01/25/2008 - 12:44

I see that the isakmp gets stuck in the below state, which could be something to do with the PSK> MM_KEY_EXCH

Can you make sure that the preshared key is matching on both the sides.



** Please rate all helpful posts **

jestoner7 Mon, 01/28/2008 - 07:11

thanks Arul, the keys do match. The tunnel works when I take out the nat-traversal command, but when added back the far end still see me trying port 4500 to connect.


This Discussion