Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
0
Helpful
7
Replies

Site to Site VPN Tunnel (Trouble)

Go to solution
ray_stone
Level 1
Level 1

‎05-31-2008 04:08 AM - edited ‎03-11-2019 05:53 AM

Hi, I am trying to make tunnel between two sites and I have setup all configuration and check configuration multiple times but still not able to recognize the issue. when I execute the below commands:-

show crypto isakmp sa

Result of the command: "show crypto isakmp sa"

There are no isakmp sas

Anyone tell me what should I do??? Thanks!

show crypto isakmp sa

Result of the command: "show crypto isakmp sa"

There are no isakmp sas

Can anyone tell me

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
husycisco
Level 7
Level 7
In response to ray_stone

‎05-31-2008 09:19 AM

Hi Ray

In Rwanda

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1

Try setting pre-shared-key to 1 in both ends untill you resolve the issue.

Try reloading firewalls in both ends.

If reload doesnt work, try using a different transform set for l2l ESP-3DES-MD5 for example. Dont forget to define isakmp policy for this in India.

Regards

View solution in original post

0 Helpful
7 Replies 7

Go to solution
andrew.prince
Level 10
Level 10

‎05-31-2008 04:48 AM

There could be multiple issues - but the first thing I would check is - if you have defined the interesting traffic, you have to identify what traffic should pass over the VPN - this in turn will bring the VPN up.

If you have no isakmp sa's - you don't have an active VPN.

HTH.

0 Helpful

Go to solution
ray_stone
Level 1
Level 1
In response to andrew.prince

‎05-31-2008 05:26 AM

Hi, both firewall configuration are attached for your reference but when by using troubleshooting command it doesnt show IKE peer. Please review it and tell me where I am doing mistake. Thanks.

Preview file
11 KB
0 Helpful

Go to solution
ray_stone
Level 1
Level 1
In response to andrew.prince

‎05-31-2008 08:23 AM

Hi, can anyone respond as I need to make site to tunnel on priority basis. Thanks

0 Helpful

Go to solution
ray_stone
Level 1
Level 1
In response to andrew.prince

‎05-31-2008 08:24 AM

Hi, can anyone respond as I need to make site to tunnel on priority basis. Thanks

0 Helpful

Go to solution
husycisco
Level 7
Level 7
In response to ray_stone

‎05-31-2008 09:19 AM

Hi Ray

In Rwanda

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1

Try setting pre-shared-key to 1 in both ends untill you resolve the issue.

Try reloading firewalls in both ends.

If reload doesnt work, try using a different transform set for l2l ESP-3DES-MD5 for example. Dont forget to define isakmp policy for this in India.

Regards

0 Helpful

Go to solution
ray_stone
Level 1
Level 1
In response to husycisco

‎05-31-2008 07:48 PM

Thanks, now the tunnel has been created. Can I change in the access list instead of following commands and change outside_cryptomap_1 to outside_1_cryptomap.

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1

0 Helpful

Go to solution
husycisco
Level 7
Level 7
In response to ray_stone

‎06-01-2008 07:00 AM

Sure you can

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card