Site to Site Tunnel Not Working

Unanswered Question
Oct 27th, 2009
User Badges:

Hi, I have configured Site - Site VPN.

but still not able to see, why tunnel is not eastabhlished


access-list VPN_AAA_ZZZ permit ip

crypto isakmp key Sabrina address netmask

crypto map VPN_map 10 match address VPN_AAA_ZZZ

crypto map VPN_map 10 set peer

crypto map VPN_map 10 set transform-set ESP-3DES-SHA

crypto map VPN_map interface outside

access-list No_nat permit ip

access-list VPN_AAA_ZZZ permit ip

nat (inside) 0 access-list No_nat


access-list VPN_ZZZ_AAA permit ip

crypto isakmp key Sabrina address netmask

crypto map VPN 60 ipsec-isakmp

crypto map VPN 60 match address VPN_ZZZ_AAA

crypto map VPN 60 set peer

crypto map VPN 60 set transform-set ESP-3DES-SHA

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pushpendray Tue, 10/27/2009 - 11:50
User Badges:

forgot to add this in


access-list No_nat permit ip



sysopt connection permit-ipsec

also at both end.

I dont know where m i lacking?

mike_guy29 Tue, 10/27/2009 - 17:06
User Badges:


Could be a few reasons why it is failing. Firstly what devices are you using for the VPN endpoints? I have not seen any ISAKMP policies configured here either. These are required to match for the first part of the VPN establishment.

What do the outputs of "show crypto isakmp sa" and "show crypto ipsec sa" show you?

Are you able to post the configs for both side of the tunnel (minus any sensitive information of course)




This Discussion