Site-to-Site VPN Tunnel is Not Coming between 2 Routers

Answered Question
Jul 29th, 2008

Dear All,


I have 2 branch routers being configured for site-to-site VPN, but the tunnel is not coming!


I ran debug and I am attaching herewith the output for your kind review and recommendation. I am also attaching here the configs of the 2 branch routers.


Any idea on why the Site-to-site VPN is not coming up?


Regards,

Haitham



You got it!


Only because you re-used the same crypto map for both the LAN-to-LAN and the VPN-client traffic.


This is from the DOC CD:


no-xauth


(Optional) Use this keyword if router-to-router IP Security (IPSec) is on the same crypto map as a Virtual Private Network (VPN)-client-to-Cisco-IOS IPSec. This keyword prevents the router from prompting the peer for extended authentication (Xauth) information (username and password).

haithamnofal Tue, 07/29/2008 - 22:29

Hi Joe,


Yes it worked perfectly...


So, what is the need for NO-XAUTH here, I have configured multiple site-to-site VPNs without using this keyword?!


Is it because I am configuring remote access VPN on the HQ router?


Regards,

Haitham
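
An added example, not part of the thread or of Cisco's documentation: a small Python audit that flags LAN-to-LAN peers on a crypto map that has Xauth enabled (`client authentication list`) when their pre-shared key lacks `no-xauth`, which is the condition the answer describes. The config text, map names, addresses and keys are constructed; the check assumes host-address pre-shared keys and static `set peer` entries only.

```python
import re

# Constructed sample config (hypothetical names, addresses and keys), modelled on
# the thread: one crypto map carries both the VPN-client and LAN-to-LAN entries.
SAMPLE_CONFIG = """\
crypto isakmp key EXAMPLE-KEY-1 address 192.0.2.10
crypto isakmp key EXAMPLE-KEY-2 address 198.51.100.20 no-xauth
crypto map VPNMAP client authentication list USERAUTH
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.10
 match address 110
crypto map VPNMAP 20 ipsec-isakmp
 set peer 198.51.100.20
 match address 120
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
crypto map L2LONLY 10 ipsec-isakmp
 set peer 203.0.113.30
"""

KEY_RE = re.compile(r"^crypto isakmp key (?:\d+ )?\S+ address (\S+)(.*)$")
XAUTH_RE = re.compile(r"^crypto map (\S+) client authentication list \S+")
ENTRY_RE = re.compile(r"^crypto map (\S+) \d+ ipsec-isakmp")
PEER_RE = re.compile(r"^\s+set peer (\S+)")

def peers_missing_no_xauth(config):
    """Return sorted (crypto map, peer) pairs the router would prompt for Xauth."""
    no_xauth_peers, xauth_maps, map_peers = set(), set(), []
    current_map = None
    for line in config.splitlines():
        if m := KEY_RE.match(line):
            # Key line: remember peers whose key carries the no-xauth keyword.
            if "no-xauth" in m.group(2).split():
                no_xauth_peers.add(m.group(1))
        elif m := XAUTH_RE.match(line):
            xauth_maps.add(m.group(1))       # Xauth is enabled for this map
        elif m := ENTRY_RE.match(line):
            current_map = m.group(1)         # entering a crypto map entry
        elif (m := PEER_RE.match(line)) and current_map:
            map_peers.append((current_map, m.group(1)))
        elif not line.startswith(" "):
            current_map = None               # any other top-level command
    return sorted((name, peer) for name, peer in map_peers
                  if name in xauth_maps and peer not in no_xauth_peers)

if __name__ == "__main__":
    for name, peer in peers_missing_no_xauth(SAMPLE_CONFIG):
        print(f"crypto map {name}: key for peer {peer} lacks no-xauth")
```

On the constructed sample only peer 192.0.2.10 is reported; the peer on `L2LONLY` is not, because that map has no client authentication list.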
