vpn site-to-stie w/wpn clients

Unanswered Question
Jan 25th, 2008

I inherited an issue with a site-to-site vpn connection. It's looks like below w/nat being done on r1 for the pix. The vpn clients can connect but the site-to-site won't come up. To compound the issue R1 has two internet connections so policy routing is being used. Any assistance would be greatly appreciated.

Pix--R1--Internet--R2--checkpt

I've attached pix, router, and isakmp debug.

thanks.

Josh

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ajagadee Fri, 01/25/2008 - 12:44

I see that the isakmp gets stuck in the below state, which could be something to do with the PSK>

69.25.174.245 172.16.200.1 MM_KEY_EXCH

Can you make sure that the preshared key is matching on both the sides.

Regards,

Arul

** Please rate all helpful posts **

jestoner7 Mon, 01/28/2008 - 07:11

thanks Arul, the keys do match. The tunnel works when I take out the nat-traversal command, but when added back the far end still see me trying port 4500 to connect.

Actions

This Discussion