L2L VPN configuration question

Unanswered Question
Jun 22nd, 2008
User Badges:

I have a VPN concentrator 3002 series with 2-existing L2L VPN configured. Recently, I tried to add 1 more L2L connection but I am having problem with the phase 2 not being able to established (only phase 1 complete) and the log shows that it's associating the new L2L VPN configuration with 1 of the existing L2L configured. When I tried to disable the one that is associating with the new L2L configured phase 1 and phase 2 completes without any problem. One thing I notice with the one that is associating (conflicting) with new L2L configuration is there is a check mark with the option that says IPSEC NAT-T. Could this be the reason why it's associating with the new L2L connection. Thanks in advance for any help or ideas you can share.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dhananjoy chowdhury Mon, 06/23/2008 - 05:36
User Badges:
  • Silver, 250 points or more


I don't think this is a problem with NAT-T. It will only specify that there is a NAT device in between the VPN GW's. And it will use UDP4500 port.

Please check the following in your config:-

-remote peer address IP for all the 3 L2L vpns you have.

-crypto maps and their sequence nos


This Discussion