Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
2
Replies

vpn site-to-stie w/wpn clients

jestoner7
Level 1
Level 1

‎01-25-2008 12:03 PM - edited ‎02-21-2020 03:30 PM

I inherited an issue with a site-to-site vpn connection. It's looks like below w/nat being done on r1 for the pix. The vpn clients can connect but the site-to-site won't come up. To compound the issue R1 has two internet connections so policy routing is being used. Any assistance would be greatly appreciated.

Pix--R1--Internet--R2--checkpt

I've attached pix, router, and isakmp debug.

thanks.

Josh

Labels:
Preview file
7 KB
Preview file
3 KB
Preview file
10 KB
0 Helpful
2 Replies 2

ajagadee
Cisco Employee
Cisco Employee

‎01-25-2008 12:44 PM

I see that the isakmp gets stuck in the below state, which could be something to do with the PSK>

69.25.174.245 172.16.200.1 MM_KEY_EXCH

Can you make sure that the preshared key is matching on both the sides.

Regards,

Arul

** Please rate all helpful posts **

0 Helpful

jestoner7
Level 1
Level 1
In response to ajagadee

‎01-28-2008 07:11 AM

thanks Arul, the keys do match. The tunnel works when I take out the nat-traversal command, but when added back the far end still see me trying port 4500 to connect.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents