PIX L2L VPN issue - no debugs displaying on screen

SOL10
Level 1

Hi,

There seems to be a problem with a site-to-site VPN on my PIX 515 (IOS 6.3(3)). It seems that even phase 1 won't initiate, and when I enter debug crypto isakmp or debug crypto ipsec, nothing seems to output to the screen. (Currently the secondary PIX is active, as it failed over last week.)

1) Should this make a difference as to why no debug messages appear on screen?

2) How can you force phase 1 to start?

3) Short of rebooting the firewall, is there anything else I can do?

Regards

4 Replies

husycisco
Level 7

Hello Suleiman,

Most probably something is wrong with the interesting-traffic ACL, so no traffic occurs that is interesting enough for the IPsec tunnel to kick in. Post your running config and let us advise.

Regards

Hi there,

Here is the part of the config relating to this tunnel. The thing is, although I run the debug crypto isakmp command, I can't see any messages on screen.

isakmp policy 15 authentication pre-share
isakmp policy 15 encryption des
isakmp policy 15 hash md5
isakmp policy 15 group 2
isakmp policy 15 lifetime 3600
isakmp enable outside
isakmp key ******** address {supplier peer} netmask 255.255.255.255 no-xauth no-config-mode

access-list supplier permit ip host {my server public ip} host {supplier server public ip}

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 82 ipsec-isakmp
crypto map outside_map 82 match address supplier
crypto map outside_map 82 set pfs group2
crypto map outside_map 82 set peer {supplier peer}
crypto map outside_map 82 set transform-set ESP-DES-MD5
crypto map outside_map 82 set security-association lifetime seconds 3600 kilobytes 4608000

Suleiman,

Add this:

crypto map outside_map interface outside

Why is the interesting traffic based on public IPs? To what IP addresses at the remote site do you want to establish the connection over the VPN?

Hi there husycisco,

That command was there as well; I forgot to include it. The latest on it is that it's working.

I rang TAC, and the engineer ran the same commands as I did in terms of clearing SAs. The only thing I didn't do was clear the crypto map outside_map command and then reapply it.

Thanks for your help, though.
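For readers landing on this thread with the same symptom, here is the check sequence the replies above add up to, written out as a PIX 6.3 CLI walk-through. This is an added example, not commands from the original posts or from TAC; the map name outside_map, sequence 82 and the ACL supplier are taken from the posted config, the {host ...} placeholders are assumptions, and the lines beginning with ! are annotations for the reader rather than something to paste into the firewall.

```cisco
! Added example (not from the thread): why "debug crypto isakmp" can stay
! silent, and how to make phase 1 start, on a PIX 6.3 crypto map entry.

! 1. The crypto map must be bound to the interface. Until it is, no packet
!    is ever evaluated against the map, so there is nothing to debug.
show crypto map
crypto map outside_map interface outside

! 2. Something must match the interesting-traffic ACL. On PIX 6.x the
!    crypto ACL is evaluated after NAT, so a static-NATed server is matched
!    on its public address (which is why the ACL here uses public IPs).
!    Send the traffic from the protected host, e.g. ping from {my server}
!    to {supplier server}; a ping from the PIX itself is sourced from the
!    outside interface address and does not match the ACL.
show access-list supplier
!    hitcnt on the ACL should increase once the host sends traffic.

! 3. Watch the negotiation on the unit that is currently active. In 6.3
!    IPsec SAs are not replicated to the standby, so after a failover the
!    tunnel is rebuilt from scratch on the newly active unit.
debug crypto isakmp
debug crypto ipsec
show isakmp sa
show crypto ipsec sa

! 4. Clear stale SAs; if the peer still never answers, unbind and re-bind
!    the crypto map to force the PIX to re-initialise the map entry.
clear crypto isakmp sa
clear crypto ipsec sa
no crypto map outside_map interface outside
crypto map outside_map interface outside

! 5. Turn the debugs off when finished.
no debug crypto isakmp
no debug crypto ipsec
```

Two cautions. "clear crypto map" on PIX 6.x removes crypto map entries from the running configuration rather than resetting state, so if you go that route rather than unbinding the interface, keep a copy of the running config to reapply. And the posted policy uses DES with MD5; PIX 6.3 also supports 3DES and AES (subject to the encryption license) with SHA, and the peer's policy has to match whatever you change to, so agree the upgrade with the supplier before editing policy 15 and ESP-DES-MD5.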
