10-27-2009 11:46 AM - edited 03-11-2019 09:32 AM
Hi, I have configured Site - Site VPN.
but still not able to see, why tunnel is not eastabhlished
AAA-ZZZ
access-list VPN_AAA_ZZZ permit ip 10.20.0.0 255.255.0.0 10.1.0.0 255.255.0.0
crypto isakmp key Sabrina address 27.5.9.118 netmask 255.255.255.255
crypto map VPN_map 10 match address VPN_AAA_ZZZ
crypto map VPN_map 10 set peer 27.5.9.118
crypto map VPN_map 10 set transform-set ESP-3DES-SHA
crypto map VPN_map interface outside
access-list No_nat permit ip 10.20.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list VPN_AAA_ZZZ permit ip 10.20.0.0 255.255.0.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list No_nat
ZZZ-AAA
access-list VPN_ZZZ_AAA permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
crypto isakmp key Sabrina address 23.20.28.125 netmask 255.255.255.255
crypto map VPN 60 ipsec-isakmp
crypto map VPN 60 match address VPN_ZZZ_AAA
crypto map VPN 60 set peer 23.20.28.125
crypto map VPN 60 set transform-set ESP-3DES-SHA
10-27-2009 11:50 AM
forgot to add this in
ZZZ_AAA
access-list No_nat permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
and
added
sysopt connection permit-ipsec
also at both end.
I dont know where m i lacking?
10-27-2009 05:06 PM
Hi,
Could be a few reasons why it is failing. Firstly what devices are you using for the VPN endpoints? I have not seen any ISAKMP policies configured here either. These are required to match for the first part of the VPN establishment.
What do the outputs of "show crypto isakmp sa" and "show crypto ipsec sa" show you?
Are you able to post the configs for both side of the tunnel (minus any sensitive information of course)
Regards
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide