Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site to site vpn and site to client vpn

I have Cisco Pix firewall 5.15 with 6.x ios. I have established a site to site vpn with a customer who is having a different firewall. I have also configured site to clinet vpn connectivity. Both were working fine. But now suddenly the site to site vpn connectivity is intermidently getting connected and disconnected. I am not making any changes on my side and the customer is also telling the same. I had created three access-list 108 and 110. Access list 108 contains no nat for both the site to site and site to clinet and 110 is for the site to site for match address. The crypto map priority number is 10 for site to client and 20 for site to site. Where can i start the troubleshooting for this problem.

Thanks in Advance

4 REPLIES
Cisco Employee

Re: Site to site vpn and site to client vpn

If the client is setup for xauth mode config, make sure you do no xauth no mode config for the isakmp key statement for the lan to lan peer:

http://www.cisco.com/warp/customer/110/pixpixvpn.html

Look at the sample config for pix 1.

Regards,

New Member

Re: Site to site vpn and site to client vpn

Thanks a lot for your reply. I had already configured the no-xauth and no-config mode in the isakmp for lan to lan peer. Is there any other troubleshooting tips that i can try.

Thanks in Advance

Cisco Employee

Re: Site to site vpn and site to client vpn

you can do cebug crypto isa and debug crypto ipsec, and see what log shows. Another thing to try is to put the priority of the lan to lan higher than the client, just in case for some reason the lan to lan tries to negotiate using the higher priority and somehow match on that first causing the early disconnect afterwards.

Regards,

New Member

Re: Site to site vpn and site to client vpn

Thanks a lot. If i do a debug will that affect the performance to a great extend?

Thanks in Advance

116
Views
0
Helpful
4
Replies
CreatePlease login to create content