Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site VPN Tunnel (Trouble)

Hi, I am trying to make tunnel between two sites and I have setup all configuration and check configuration multiple times but still not able to recognize the issue. when I execute the below commands:-

show crypto isakmp sa

Result of the command: "show crypto isakmp sa"

There are no isakmp sas

Anyone tell me what should I do??? Thanks!

show crypto isakmp sa

Result of the command: "show crypto isakmp sa"

There are no isakmp sas

Can anyone tell me

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Site to Site VPN Tunnel (Trouble)

Hi Ray

In Rwanda

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1

Try setting pre-shared-key to 1 in both ends untill you resolve the issue.

Try reloading firewalls in both ends.

If reload doesnt work, try using a different transform set for l2l ESP-3DES-MD5 for example. Dont forget to define isakmp policy for this in India.

Regards

Re: Site to Site VPN Tunnel (Trouble)

Sure you can

7 REPLIES

Re: Site to Site VPN Tunnel (Trouble)

There could be multiple issues - but the first thing I would check is - if you have defined the interesting traffic, you have to identify what traffic should pass over the VPN - this in turn will bring the VPN up.

If you have no isakmp sa's - you don't have an active VPN.

HTH.

New Member

Re: Site to Site VPN Tunnel (Trouble)

Hi, both firewall configuration are attached for your reference but when by using troubleshooting command it doesnt show IKE peer. Please review it and tell me where I am doing mistake. Thanks.

New Member

Re: Site to Site VPN Tunnel (Trouble)

Hi, can anyone respond as I need to make site to tunnel on priority basis. Thanks

New Member

Re: Site to Site VPN Tunnel (Trouble)

Hi, can anyone respond as I need to make site to tunnel on priority basis. Thanks

Re: Site to Site VPN Tunnel (Trouble)

Hi Ray

In Rwanda

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1

Try setting pre-shared-key to 1 in both ends untill you resolve the issue.

Try reloading firewalls in both ends.

If reload doesnt work, try using a different transform set for l2l ESP-3DES-MD5 for example. Dont forget to define isakmp policy for this in India.

Regards

New Member

Re: Site to Site VPN Tunnel (Trouble)

Thanks, now the tunnel has been created. Can I change in the access list instead of following commands and change outside_cryptomap_1 to outside_1_cryptomap.

no crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 match address outside_cryptomap_1

Re: Site to Site VPN Tunnel (Trouble)

Sure you can

146
Views
0
Helpful
7
Replies