vpn site-to-stie w/wpn clients

Unanswered Question
Jan 25th, 2008
User Badges:

I inherited an issue with a site-to-site vpn connection. It's looks like below w/nat being done on r1 for the pix. The vpn clients can connect but the site-to-site won't come up. To compound the issue R1 has two internet connections so policy routing is being used. Any assistance would be greatly appreciated.


I've attached pix, router, and isakmp debug.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ajagadee Fri, 01/25/2008 - 12:44
User Badges:
  • Cisco Employee,

I see that the isakmp gets stuck in the below state, which could be something to do with the PSK> MM_KEY_EXCH

Can you make sure that the preshared key is matching on both the sides.



** Please rate all helpful posts **

jestoner7 Mon, 01/28/2008 - 07:11
User Badges:

thanks Arul, the keys do match. The tunnel works when I take out the nat-traversal command, but when added back the far end still see me trying port 4500 to connect.


This Discussion