VPN Problem

Haris P
Level 4

Dears,

I'm creating a VPN tunnel with a SonicWall firewall and I'm getting so many VPN associations, as given below, and the number is increasing.

Albinali#sh crypto isakmp sa
dst             src             state          conn-id slot status
Y.Y.Y.Y         X.X.X.X         QM_IDLE             24    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             23    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             22    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             21    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             20    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             19    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             18    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             17    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             16    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             15    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             14    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             13    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             12    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             11    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             10    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE              9    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE              8    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE              7    0 ACTIVE

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key dell@8574882 address 212.76.83.50
crypto isakmp identity hostname
crypto isakmp ccm
!
!
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
crypto identity hostname
!
!
crypto map VPN_MAP 1 ipsec-isakmp
 set peer X.X.X.X
 set security-association lifetime seconds 86400
 set transform-set vpn
 match address vpn
!
!
!
!
interface FastEthernet0/0
 description Towards_LAN
 ip address 172.21.81.1 255.255.255.224 secondary
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Towards_PoE_Wireless_Injector
 ip address Y.Y.Y.Y 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 crypto map VPN_MAP
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.21.80.1
!
!
no ip http server
ip http access-class 23
no ip http secure-server
ip nat inside source list 123 interface FastEthernet0/1 overload
!
ip access-list extended vpn
 permit ip 192.168.5.0 0.0.0.255 190.10.0.0 0.0.255.255

1 Reply

gerald
Level 1

Hi there, I am not very conversant with SonicWalls, but I think what you are missing is NAT exemption for that traffic flow. Try exempting it and see what happens. What is your show crypto engine giving you?
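
The NAT exemption suggested in the reply can be checked offline against a saved configuration. The following is an added example, not part of the original thread: it parses IOS ACLs and reports any flow permitted by the crypto ACL that the NAT overload ACL would translate first (IOS applies inside-to-outside NAT before the crypto map check). The contents of ACL 123 are assumptions, since the post references list 123 but never shows it, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input. ACL 123 is not shown in the post; both variants are assumed.
BASE = """\
crypto map VPN_MAP 1 ipsec-isakmp
 match address vpn
ip nat inside source list 123 interface FastEthernet0/1 overload
ip access-list extended vpn
 permit ip 192.168.5.0 0.0.0.255 190.10.0.0 0.0.255.255
"""
ACL123_NO_EXEMPT = "access-list 123 permit ip 192.168.5.0 0.0.0.255 any\n"
ACL123_EXEMPT = ("access-list 123 deny ip 192.168.5.0 0.0.0.255 "
                 "190.10.0.0 0.0.255.255\n" + ACL123_NO_EXEMPT)

def _take_net(tok):
    """Consume one IOS address spec (any | ADDR WILDCARD); wildcard must be contiguous."""
    addr = tok.pop(0)
    if addr == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tok.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acls(config):
    """Return {acl_name: [(action, src_net, dst_net), ...]} for 'ip' ACL entries."""
    acls, current = {}, None
    for line in config.splitlines():
        named = re.match(r"ip access-list extended (\S+)", line)
        current = named.group(1) if named else current
        entry = re.match(r"(?:access-list (\d+))?\s*(permit|deny) ip (.+)", line)
        if entry and (entry.group(1) or current):
            tok = entry.group(3).split()
            acls.setdefault(entry.group(1) or current, []).append(
                (entry.group(2), _take_net(tok), _take_net(tok)))
    return acls

def nat_exemption_gaps(config):
    """Return crypto-ACL flows that the NAT overload ACL would translate."""
    acls = parse_acls(config)
    nat_acl = re.search(r"ip nat inside source list (\S+)", config).group(1)
    crypto_acl = re.search(r"match address (\S+)", config).group(1)
    gaps = []
    for _, src, dst in [e for e in acls.get(crypto_acl, []) if e[0] == "permit"]:
        for n_action, n_src, n_dst in acls.get(nat_acl, []):
            if n_action == "deny" and src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # whole flow is exempted before any permit can match
            if n_action == "permit" and src.overlaps(n_src) and dst.overlaps(n_dst):
                gaps.append((str(src), str(dst)))
                break
    return gaps
```

An empty result means every crypto-ACL flow hits a covering `deny` in the NAT ACL before any `permit`; a non-empty result lists the flows that would leave with a translated source address and miss the crypto map.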
