
PIX L2L VPN issue - no debugs displaying on screen

hi

There seems to be a problem with a site to site VPN on my PIX 515 (IOS 6.3(3)). It seems that even phase 1 won't initiate, and when I enter debug crypto isakmp or debug crypto ipsec, nothing seems to output to screen. (Currently the secondary PIX is active as it failed over last week.)

1) Should this make a difference as to why no debug messages appear on screen?

2) How can you force phase 1 to start?

3) Short of rebooting the firewall, is there anything else I can do?

Regards

4 REPLIES

Re: PIX L2L VPN issue - no debugs displaying on screen

Hello Suleiman,

Most probably something is wrong with the interesting traffic ACL, so that no traffic occurs that is interesting for the IPsec tunnel to kick in. Post your running config and let us advise.

Regards


Re: PIX L2L VPN issue - no debugs displaying on screen

Hi there

Here is the part of the config relating to this tunnel. The thing is, although I run the debug crypto isakmp command, I can't see any messages on screen.

isakmp policy 15 authentication pre-share

isakmp policy 15 encryption des

isakmp policy 15 hash md5

isakmp policy 15 group 2

isakmp policy 15 lifetime 3600

isakmp enable outside

isakmp key ******** address {supplier peer} netmask 255.255.255.255 no-xauth no-config-mode

access-list supplier permit ip host {my server public ip} host {supplier server public ip}

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 82 ipsec-isakmp

crypto map outside_map 82 match address supplier

crypto map outside_map 82 set pfs group2

crypto map outside_map 82 set peer {supplier peer}

crypto map outside_map 82 set transform-set ESP-DES-MD5

crypto map outside_map 82 set security-association lifetime seconds 3600 kilobytes 4608000

Re: PIX L2L VPN issue - no debugs displaying on screen

Suleiman,

Add this

crypto map outside_map interface outside

Why is interesting traffic based on public IPs? To what IP addresses at the remote site do you want to establish a connection over VPN?
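An offline check for the crypto map pieces discussed in this thread, including the `crypto map outside_map interface outside` binding suggested above. It is an added example, not part of the original posts; the `audit` function and the placeholder addresses in the sample are assumptions.

```python
import re
# Constructed sample modelled on the config posted in this thread. The
# addresses are documentation placeholders, not values from the page.
SAMPLE = """\
isakmp enable outside
isakmp key ******** address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
access-list supplier permit ip host 198.51.100.5 host 192.0.2.20
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 82 ipsec-isakmp
crypto map outside_map 82 match address supplier
crypto map outside_map 82 set peer 192.0.2.10
crypto map outside_map 82 set transform-set ESP-DES-MD5
"""

def audit(config):
    """Return findings for every crypto map entry in a PIX 6.x style config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    tsets = {l.split()[3] for l in lines if l.startswith("crypto ipsec transform-set ")}
    isakmp_ifs = {l.split()[2] for l in lines if l.startswith("isakmp enable ")}
    keyed = {l.split()[4] for l in lines if l.startswith("isakmp key ")}
    bound, entries = {}, {}
    for l in lines:
        if m := re.match(r"crypto map (\S+) interface (\S+)$", l):
            bound[m.group(1)] = m.group(2)          # map name -> interface
        elif m := re.match(r"crypto map (\S+) (\d+) (.+)$", l):
            entry = entries.setdefault(m.group(1, 2), {})
            if kv := re.match(r"(?:set )?(match address|peer|transform-set) (\S+)", m.group(3)):
                entry[kv.group(1)] = kv.group(2)
    findings = []
    for (name, seq), e in sorted(entries.items()):
        tag = f"{name} {seq}"
        for field in ("match address", "peer", "transform-set"):
            if field not in e:
                findings.append(f"{tag}: no '{field}' configured")
        if "match address" in e and e["match address"] not in acls:
            findings.append(f"{tag}: access-list {e['match address']} is not defined")
        if "transform-set" in e and e["transform-set"] not in tsets:
            findings.append(f"{tag}: transform-set {e['transform-set']} is not defined")
        if "peer" in e and e["peer"] not in keyed:
            findings.append(f"{tag}: no isakmp key for peer {e['peer']}")
        if name not in bound:
            findings.append(f"{tag}: crypto map is not applied to an interface")
        elif bound[name] not in isakmp_ifs:
            findings.append(f"{tag}: isakmp is not enabled on {bound[name]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

A clean result only shows the pieces are present and cross-referenced; it does not show that the ACL matches real traffic or that the peer's policy agrees.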


Re: PIX L2L VPN issue - no debugs displaying on screen

hi there husycisco,

That command was there as well, I forgot to include it. The latest on it is, it's working.

I rang TAC, and he ran the same commands as I did in terms of clearing SAs. The only thing I didn't do was clear the crypto map outside_map command and then reapply it.

Thanks for your help though.
