Site to Site VPN Tunnel (Trouble)

Answered Question
May 31st, 2008
User Badges:

Hi, I am trying to make tunnel between two sites and I have setup all configuration and check configuration multiple times but still not able to recognize the issue. when I execute the below commands:-


show crypto isakmp sa




Result of the command: "show crypto isakmp sa"



There are no isakmp sas


Anyone tell me what should I do??? Thanks!


show crypto isakmp sa




Result of the command: "show crypto isakmp sa"



There are no isakmp sas


Can anyone tell me

Correct Answer by husycisco about 8 years 10 months ago

Sure you can

Correct Answer by husycisco about 8 years 10 months ago

Hi Ray


In Rwanda

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1


Try setting pre-shared-key to 1 in both ends untill you resolve the issue.

Try reloading firewalls in both ends.

If reload doesnt work, try using a different transform set for l2l ESP-3DES-MD5 for example. Dont forget to define isakmp policy for this in India.


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.

There could be multiple issues - but the first thing I would check is - if you have defined the interesting traffic, you have to identify what traffic should pass over the VPN - this in turn will bring the VPN up.


If you have no isakmp sa's - you don't have an active VPN.


HTH.

ray_stone Sat, 05/31/2008 - 05:26
User Badges:

Hi, both firewall configuration are attached for your reference but when by using troubleshooting command it doesnt show IKE peer. Please review it and tell me where I am doing mistake. Thanks.



Attachment: 
ray_stone Sat, 05/31/2008 - 08:23
User Badges:

Hi, can anyone respond as I need to make site to tunnel on priority basis. Thanks

ray_stone Sat, 05/31/2008 - 08:24
User Badges:

Hi, can anyone respond as I need to make site to tunnel on priority basis. Thanks

Correct Answer
husycisco Sat, 05/31/2008 - 09:19
User Badges:
  • Gold, 750 points or more

Hi Ray


In Rwanda

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1


Try setting pre-shared-key to 1 in both ends untill you resolve the issue.

Try reloading firewalls in both ends.

If reload doesnt work, try using a different transform set for l2l ESP-3DES-MD5 for example. Dont forget to define isakmp policy for this in India.


Regards

ray_stone Sat, 05/31/2008 - 19:48
User Badges:

Thanks, now the tunnel has been created. Can I change in the access list instead of following commands and change outside_cryptomap_1 to outside_1_cryptomap.


no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1

Correct Answer
husycisco Sun, 06/01/2008 - 07:00
User Badges:
  • Gold, 750 points or more

Sure you can

Actions

This Discussion