Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site-to-site VPN Configuration


I have tried to setup a site to site vpn connection using SDM from a Cisco 857 Router located at our branch office to our ISA 2004 server located at our main office but I am having some strange results.

The first time I setup the site-to-site tunnel it comes up fine and I can ping an ip address on our main offices network. I can also ping a ip address from at our branch office from the main office. The problem is that the connection drops and I can no longer get it reconnected from the branch office. However if I simply try and ping the branch office from the main office the tunnel comes back up but drops after a short time.

I put on debugging on my router and noticed I am getting the following:

mtree says we have SA but couldn't find current outbound SA.dropping pak. pak->cryptoflags-0x820

My Basic setup is:

Main Office:

Public IP:

Local Network:

Remote Office:

Public IP:

Local Network:

Please find attached the config file from my Cisco router (I have altered the Public IP's for security reasons)

Any help is greatly appreciated.


Cisco Employee

Re: Site-to-site VPN Configuration

Hello glen.bingham,

Can you run the following debugs:

debug cry isakmp

debug cry ipsec

you may need to setup logging appropriately to capture the relvenat info. The logs should detail why you are having this issue.