03-21-2018 09:07 AM - edited 03-12-2019 07:24 AM
I am new to programming Cisco IOS devices. I have a client with which I need to create a VPN from our VPC to their PIX device. I have started a trial with the Cisco CSR 1000V virtual appliance. I have access to it and have started the configuration.
I think I have the ISAKMP phase 1 complete and most of phase 2. Where I am stuck is no doubt the actual complicated part... setting the ACLs, etc. for interesting traffic and whatever else is needed.
The PIX admin gave me the following peer and endpoint info (generalized here for security purposes as these are all "real" IPs):
Peer1 xxx.xxx.xxx.5
Target1a xxx.yyy.yyy.7
Target1b xxx.xxx.xxx.7
Peer2 zzz.zzz.zzz.17
Target2 zzz.zzz.zzz.7
I would be grateful for any help with how this information should be used to complete the S-2-S VPN configuration. Every example I have found uses a subnet and not a real IP for filtering interesting traffic.
Thanks
Kirt
03-28-2018 07:03 AM
You can run debug crypto ipsec for example
03-28-2018 09:43 AM
I had been trying that and was turning debug on for ipsec and isakmp, but did not see any output. I found the term monitor option and am looking at output now.
03-28-2018 12:04 PM
It turned out to be an encryption mismatch. We have the tunnel up!
Thanks for all your input, Francesco!
03-28-2018 05:26 PM