I am attempting to establish a VPN between a Pix515e and a Cisco 7206VXR router. I have no control of the 7206VXR as it is owned by another company.
I'm trying to setup a LAN to LAN VPN, actually a server on my end, to a Class C on the other end. The requirement is my internal server needs to use one of my public addresses when communicating through the VPN to this remote subnet.
I have NAT setup to NAT my server's internal address to a public address when the traffic is destined for this remote subnet. The ACL counter for this NAT translation increments when I ping from my server to the remote side, so it appears this is working.
I have another ACL used by my IPSec setup to define interesting traffic. This ACL uses my NATTED public address and the remote subnet to define what is interesting. When I ping I see the counter on this ACL incrementing.
Now for the problem, when I run debug crypto isakmp I get nothing, except for what's happening with my other VPN's.
I am stumped, even though interesting traffic is apparently being seen, what could be causing the Pix to not attempt the key exchange at all?
Is it possible that something is not matching up right in your config? Could the access list specified in the crypto map not quite match the identifier of the access list?, Is it possible that the peer address used in configuring the shared key is not quite the same as the peer address in the crypto map? Is it possible that packets source from the address used by IPSec do not have IP connectivity to the peer address?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :