12-07-2009 05:56 AM
Hi, I am trying to set up a site-to-site VPN between an ASA 5520 and the Check Point firewall using the site-to-site VPN tunnel wizard from the ASDM. The Check Point firewall is configured by the technicians on the third-party site. We verified that all the configurations, including pre-shared keys, are the same, but it is not working.
How do I troubleshoot what the problem is? Is there a way to force the tunnel to connect?
12-07-2009 06:51 AM
emmanuel.shoroma wrote:
Hi, I am trying to set up a site-to-site VPN between an ASA 5520 and the Check Point firewall using the site-to-site VPN tunnel wizard from the ASDM. The Check Point firewall is configured by the technicians on the third-party site. We verified that all the configurations, including pre-shared keys, are the same, but it is not working.
How do I troubleshoot what the problem is? Is there a way to force the tunnel to connect?
Emmanuel
You need to do some debugging. The 2 most useful debugs are "debug crypto ipsec" and "debug crypto isa" - see the command reference for details -
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/d1_72.html
To force the tunnel to try and connect you need to generate some "interesting" traffic, i.e. when you set up the VPN you defined the local and remote subnets that were allowed to communicate and on what ports/protocols.
Jon
12-08-2009 01:28 AM
Hi, thanks. I managed to see what the problem is. The issue is with the crypto map access lists. When I specify the other site's host network address, I get an error log saying ("no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy x.x.x.x/x.x.x.x/x/x"). If I allow any on the crypto map access lists to our network x.x.x.x/x.x.x.x, then it works.
Any idea why it can't work when I specify the remote site network, and why it is showing the remote site as 0.0.0.0/0.0.0.0?
Your help will be highly appreciated.
Regards,
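
The log message quoted in the post above can be checked against crypto map ACL entries to see which side of the proposal fails to match. This is an added example, not part of the thread or any Cisco tool; it assumes a proposal matches when both proxies fall inside one permit entry, and the networks 10.1.1.0/24 and 192.168.50.0/24 are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample of the message quoted in the thread. 10.1.1.0/24 stands in
# for the poster's masked local network (x.x.x.x); it is a placeholder.
SAMPLE_LOG = ("no matching crypto map entry for remote proxy "
              "0.0.0.0/0.0.0.0/0/0 local proxy 10.1.1.0/255.255.255.0/0/0")

# Each proxy is written as address/netmask/protocol/port.
PROXY_RE = re.compile(r"remote proxy ([\d.]+)/([\d.]+)/\d+/\d+ "
                      r"local proxy ([\d.]+)/([\d.]+)/\d+/\d+")


def parse_proxies(line):
    """Return (remote, local) networks the peer proposed in the log line."""
    m = PROXY_RE.search(line)
    if m is None:
        raise ValueError("not a crypto map proxy mismatch message")
    remote = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    local = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}")
    return remote, local


def diagnose(line, crypto_acl):
    """Check the proposal against (local, remote) CIDR pairs, one per permit entry.

    Assumption: a proposal matches when both proxies fall inside one entry.
    Returns (matched, reasons) where reasons explains each failed entry.
    """
    remote, local = parse_proxies(line)
    reasons = []
    for acl_local, acl_remote in crypto_acl:
        acl_l = ipaddress.ip_network(acl_local)
        acl_r = ipaddress.ip_network(acl_remote)
        if local.subnet_of(acl_l) and remote.subnet_of(acl_r):
            return True, []
        if not local.subnet_of(acl_l):
            reasons.append(f"local proxy {local} is outside ACL local {acl_l}")
        if not remote.subnet_of(acl_r):
            reasons.append(f"remote proxy {remote} is outside ACL remote {acl_r}")
    return False, reasons


if __name__ == "__main__":
    # 192.168.50.0/24 is a constructed placeholder for the remote site network.
    for acl in ([("10.1.1.0/24", "192.168.50.0/24")], [("10.1.1.0/24", "0.0.0.0/0")]):
        print(acl, "->", diagnose(SAMPLE_LOG, acl))
```

With the specific remote network in the ACL, the check reports that the peer's proposed remote proxy 0.0.0.0/0 is wider than the entry; with "any" as the remote, the same proposal matches.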