PIX to PIX VPN

dsingleterry
Level 1

Is it just me, or is the PDM setup of VPNs more confusing than the CLI? I gave up and am trying to set it up on the CLI.

Anyway, I just need an expert or two (that would be some of you guys :) ) to look at this and see if I am missing anything.

PIX1 (515e):

access-list inside_nat0_outbound permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto map vpn1 10 ipsec-isakmp
crypto map vpn1 10 match address inside_nat0_outbound
crypto map vpn1 10 set pfs group2
crypto map vpn1 10 set peer ConstOffice
crypto map vpn1 10 set transform-set myset
crypto map vpn1 interface outside
isakmp enable outside
isakmp key ******** address ConstOffice netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

PIX2 (501e):

access-list inside_nat0_outbound permit ip 192.168.51.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto map vpn1 10 ipsec-isakmp
crypto map vpn1 10 match address inside_nat0_outbound
crypto map vpn1 10 set pfs group2
crypto map vpn1 10 set peer MainOffice
crypto map vpn1 10 set transform-set myset
crypto map vpn1 interface outside
isakmp enable outside
isakmp key ******** address MainOffice netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

Am I missing anything I need here? I am just trying to set up a VPN between two DSL-line-supplied offices via the two new firewalls I am placing this week. All comments and thoughts welcome. Thanks guys.

Dave
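An added consistency check, not code from the post or from Cisco: this script pulls the settings that have to agree (transform set, PFS group, ISAKMP policy) or mirror (the nat 0 / crypto ACL) between two lan-to-lan PIX configs and reports mismatches, including a pre-shared key bound to an address other than the configured peer. The two configs are constructed from the post above; ConstOffice and MainOffice are the poster's own hostnames.

```python
def parse_pix_vpn(cfg):
    """Extract the settings that must agree (or mirror) between two L2L PIX peers."""
    p = {"policy": {}}
    for line in cfg.splitlines():
        w = line.split()
        if not w: continue
        if w[0] == "access-list" and w[2] == "permit":
            p["acl"] = tuple(w[4:8])             # local net, mask, remote net, mask
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            p["transform"] = tuple(w[4:])
        elif "set pfs" in line or "set peer" in line:
            p[w[-2]] = w[-1]                     # p["pfs"] / p["peer"]
        elif w[:2] == ["isakmp", "key"]:
            p["key_peer"] = w[4]                 # address the pre-shared key is bound to
        elif w[:2] == ["isakmp", "policy"]:
            p["policy"][w[3]] = " ".join(w[4:])  # e.g. policy["encryption"] = "des"
    return p

def mirror_check(a, b):
    """Return the list of mismatches; an empty list means the two sides are consistent."""
    issues = []
    if a["acl"][:2] != b["acl"][2:] or a["acl"][2:] != b["acl"][:2]:
        issues.append("crypto/nat 0 ACLs are not mirror images of each other")
    issues += [f"{k} differs" for k in ("transform", "pfs", "policy") if a.get(k) != b.get(k)]
    for side in (a, b):
        if side.get("peer") != side.get("key_peer"):
            issues.append(f"isakmp key is bound to {side.get('key_peer')} but the peer is {side.get('peer')}")
    return issues

# Constructed from the two configs in the post (ConstOffice/MainOffice are the poster's hostnames).
PIX1 = """access-list inside_nat0_outbound permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto map vpn1 10 set pfs group2
crypto map vpn1 10 set peer ConstOffice
isakmp key ******** address ConstOffice netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 group 1"""
PIX2 = """access-list inside_nat0_outbound permit ip 192.168.51.0 255.255.255.0 192.168.50.0 255.255.255.0
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto map vpn1 10 set pfs group2
crypto map vpn1 10 set peer MainOffice
isakmp key ******** address MainOffice netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 group 1"""

if __name__ == "__main__":
    print(mirror_check(parse_pix_vpn(PIX1), parse_pix_vpn(PIX2)) or "configs mirror correctly")
```

The check cannot see the pre-shared key values themselves (they are masked in the post), which is exactly the one thing that turned out to be wrong in this thread.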

11 Replies

ajagadee
Cisco Employee

Hi Dave,

Your VPN config on the PIX for this particular LAN-to-LAN IPSec tunnel looks good. In case you run into any issues, capture the ISAKMP and IPSec debugs and post them and we will assist you with the issue.

You can also use the below link for troubleshooting purposes:

http://te.cisco.com/SRVS/CGI-BIN/WEBCGI.EXE?New,KB=PIX

Regards,

Arul

Ok, here's the debug info I'm getting:

(71.7 is the dest, 71.8 is the src IP, 71.8 is a 501, 71.7 is a 515, their vpn CLI settings are in my first post)

ISAKMP (0): retransmitting phase 1 ...IPSEC(key_engine): request timer fired: count = 1,
(identity) local = x.x.71.8, remote = x.x.71.7,
local_proxy = 192.168.51.0/255.255.255.0/0/0 (type=4)
remote_proxy = 192.168.50.0/255.255.255.0/0/0 (type=4)
ISAKMP (0): retransmitting phase 1...
ISAKMP (0): deleting SA: src x.x.71.8, dst x.x.71.7
ISADB: reaper checking SA 0x80a7c330, conn_id = 0 DELETE IT!
VPN Peer: ISAKMP: Peer ip:x.x.71.7 Ref cnt decremented to:0 Total VPN Peers:1
VPN Peer: ISAKMP: Deleted peer: ip:x.x.71.7 Total VPN peers:0IPSEC(key_engine): request timer fired: count = 2,
(identity) local = x.x.71.8, remote = x.x.71.7,
local_proxy = 192.168.51.0/255.255.255.0/0/0 (type=4)
remote_proxy = 192.168.50.0/255.255.255.0/0/0 (type=4)
VPN Peer: ISAKMP: Added new peer: ip: x.x.71.7 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:x.x.71.7 Ref cnt incremented to:1 Total VPN Peers:1
ISAKMP(0): beginning Main Mode exchange
crypto_isakmp_process_block: src x.x.71.7, dest x.x.71.8
OAK_MM exchange
ISAKMP(0): processing SA payload. message ID =0
ISAKMP(0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP(0): atts are acceptable. Next payload is 0
ISAKMP(0): SA is doing preshared key authentication using id type ID_PQDN
return status is IKMP_NO_ERROR
crypto_isakmp_process_block: src x.x.71.7, dest x.x.71.8
OAK_MM exchange
ISAKMP(0): processing KE payload. message ID = 0
ISAKMP(0): processing NONCE payload. message ID = 0
ISAKMP(0): processing vendor id payload
ISAKMP(0): processing vendor id payload
ISAKMP(0): remote peer supports dead peer detection
ISAKMP(0): processing vendor id payload
ISAKMP(0): speaking to another IOS box!
ISAKMP(0): ID payload
next-payload : 8
type : 2
protocol : 17
port : 500
length : 27
ISAKMP(0): Total payload length: 31
return status is IKMP_NO_ERROR

Thanks for any help you can give.

Dave

Philip D'Ath
VIP Alumni

By chance, are either of the PIX boxes sitting behind a DSL device doing PAT or NAT?

No, they are both connected directly to DSL modems. Those DSL modems supply the outside interfaces with the x.x.71.7 and 71.8 IP addresses.

This is a shot in the dark, but I'm down to that :), could there potentially be a problem with the fact that I am using the same policy number for both of my end points of the attempted VPN here? ...

thx again,

Dave

Hi Dave,

Add the command " isakmp identity address " on both the pixes and then try to bring up the tunnel.

Regards,

Arul

I'm sorry, it doesn't seem to have changed anything...

The new output is as follows:

ISAKMP (0): retransmitting phase 1...
ISAKMP (0): deleting SA: src MainOffice, dst ConstOffice
ISADB: reaper checking SA 0x813ce480, conn_id = 0 DELETE IT!
VPN Peer: ISAKMP: Peer ip:ConstOffice Ref cnt decremented to:0 Total VPN Peers:1
VPN Peer: ISAKMP: Deleted peer: ip:ConstOffice Total VPN peers:0
crypto_isakmp_process_block: src ConstOffice, dest MainOffice
VPN Peer: ISAKMP: Added new peer: ip:ConstOffice Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:ConstOffice Ref cnt incremented to:1 Total VPN Peers:1
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block: src ConstOffice, dest MainOffice
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): processing vendor id payload
ISAKMP (0): remote peer supports dead peer detection
ISAKMP (0): processing vendor id payload
ISAKMP (0): speaking to another IOS box!
return status is IKMP_NO_ERROR
crypto_isakmp_process_block: src ConstOffice, dest MainOffice
ISAKMP: reserved not zero on payload 5!IPSEC(key_engine): request timer fired: count = 2,
(identity) local= 64.53.71.7, remote= ConstOffice,
local_proxy= 192.168.50.0/255.255.255.0/0/0 (type=4),
remote_proxy= 192.168.51.0/255.255.255.0/0/0 (type=4)
crypto_isakmp_process_block: src ConstOffice, dest MainOffice
ISAKMP: reserved not zero on payload 5!
crypto_isakmp_process_block: src ConstOffice, dest MainOffice
ISAKMP: reserved not zero on payload 5!
ISAKMP (0): deleting SA: src ConstOffice, dst MainOffice
ISADB: reaper checking SA 0x813ce480, conn_id = 0 DELETE IT!
VPN Peer: ISAKMP: Peer ip:ConstOffice Ref cnt decremented to:0 Total VPN Peers:1
VPN Peer: ISAKMP: Deleted peer: ip:ConstOffice Total VPN peers:0

I do appreciate your help. If you feel any other information might be helpful please feel free to ask. Arul, if it would help you to have the full configs of both firewalls I wouldn't mind emailing them to you sir.

Thank you for your time.

Dave

Accepted Solution

Hi Dave,

From the error messages: reserved not zero on payload 5!

The above message means that the "pre-shared keys" are not matching on both the pixes. Do re-enter the pre-shared key on both the pixes and bring up your tunnel.

Regards,

Arul
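An added triage helper, not code from Arul or from Cisco: it reads a "debug crypto isakmp" excerpt, works out how far IKEv1 Main Mode got, and flags the "reserved not zero on payload 5" signature as the pre-shared key mismatch described above (payload type 5 is the ISAKMP Identification payload, carried in the first messages encrypted with keys derived from the PSK). The two excerpts are constructed and abridged from Dave's debug captures earlier in this thread.

```python
import re

# Milestones of an IKEv1 Main Mode negotiation as they show up in PIX "debug crypto isakmp"
# output, in protocol order. ISAKMP payload type 5 is the Identification payload; it is carried
# in messages 5 and 6, the first ones encrypted with keys derived from the pre-shared key.
MILESTONES = [
    ("sa_accepted", r"atts are acceptable"),            # MM2: our ISAKMP policy matched a peer policy
    ("dh_done",     r"processing (KE|NONCE) payload"),  # MM3/MM4: Diffie-Hellman and nonces exchanged
    ("id_sent",     r"ISAKMP\s?\(0\): ID payload"),     # MM5: we sent our (encrypted) identity
    ("id_garbled",  r"reserved not zero on payload 5"), # MM5/6 from the peer did not decrypt sanely
]

def triage(debug):
    """Classify a debug excerpt by how far phase 1 got and what the stall suggests."""
    seen = {name for name, pat in MILESTONES if re.search(pat, debug)}
    retrans = len(re.findall(r"retransmitting phase 1", debug))
    m = re.search(r"id type (ID_\w+)", debug)
    id_type = m.group(1) if m else None
    if "id_garbled" in seen:
        verdict = "pre-shared key mismatch: keys derived from a different PSK turn the ID payload into garbage"
    elif "sa_accepted" not in seen:
        verdict = "no phase 1 answer" if retrans else "no negotiation attempted"
    elif "dh_done" in seen:
        verdict = "stalled after the encrypted messages started: peer never completed MM6, check PSK/identity on both ends"
    else:
        verdict = "policy accepted but the DH exchange did not complete"
    hints = ["isakmp identity address sends an IP identity, matching the address the isakmp key is bound to"] if id_type == "ID_PQDN" else []
    return {"seen": seen, "retransmits": retrans, "id_type": id_type, "verdict": verdict, "hints": hints}

# Constructed excerpts abridged from the two debug captures in this thread.
BEFORE = """ISAKMP (0): retransmitting phase 1...
ISAKMP(0): beginning Main Mode exchange
ISAKMP(0): atts are acceptable. Next payload is 0
ISAKMP(0): SA is doing preshared key authentication using id type ID_PQDN
ISAKMP(0): processing KE payload. message ID = 0
ISAKMP(0): speaking to another IOS box!
ISAKMP(0): ID payload
ISAKMP (0): retransmitting phase 1..."""
AFTER = """ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP: reserved not zero on payload 5!"""

if __name__ == "__main__":
    for name, excerpt in (("before", BEFORE), ("after", AFTER)):
        print(name, triage(excerpt)["verdict"])
```

Note that the first capture never shows the error itself: the PIX sent its encrypted identity and simply got no usable reply, which is how a key mismatch looks from the initiating side.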

You! are the Man! :)

I may just have to name my firstborn after you....sure hope it's a boy....

Thank you very much sir!

Oh durn it... I spoke too soon, it's only halfway working.

From the main office I can ping the construction office, but from the construction office I can't ping anything in the main office.

Now all I get when I run debug is:

ISADB:Reaper checking SA 0x80a7c278, conn_id=0

Sorry to keep dragging this issue out, I do appreciate your help.

Hi Dave,

You are welcome anytime. Regarding the above issue, can you explain to me in detail the issue that you are running into and also the IP addresses that you are trying to access (source and destination).

Regards,

Arul

oh, sorry, I got this working now, thanks though :)