VPN connection problem

Unanswered Question
Mar 18th, 2008
User Badges:

Hi everyone,

I connect a Draytek router to Cisco router using VDPN. I have run "debug crypto isakmp" on our Cisco router. The SA was authenticated but the connection wasn't established. The show crypto session said the connection was DOWN-NEGOTIATING.

Do you know why it doesn't establish the connection?

Thank you very much.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Mon, 03/24/2008 - 14:36
User Badges:

Make sure that crypto map which allows the interesting traffic is configured right and applied to the appropriate outgoing interface to bring the tunnel up.

trietgiang Tue, 03/25/2008 - 15:59
User Badges:

Thanks Pengke11, I can confirm the settings are correct.

purohit_810 Tue, 03/25/2008 - 07:28
User Badges:
  • Silver, 250 points or more

Do you have port open 4500 i.e. for NAT-T??



trietgiang Tue, 03/25/2008 - 16:01
User Badges:

Dharmesh, thank you for your reply.

No I don't have port 4500 open. Why does it need to be opened?

Best regards,


trietgiang Tue, 04/01/2008 - 16:55
User Badges:

Yes I already have port NAT-T open, just didn't realise that "non500-isakmp" is actually 4500.


This Discussion