Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site-to-Site VPN connection issue

Hello,

i just finished configuring a site to site VPN between two routers, but they don't seem to connect. I have tested WAN connectivity, and it works fine,...and the worst part of it, this is not the first time i have set up this type of connection, but i have never had this issue. Debugs dont even seem to work. Please find below copies of my config...

R1

crypto isakmp key 0 uqef23fr923fg address xx.xx.xx.xx

!

crypto ipsec transform-set headoffice esp-des esp-md5-hmac

!

crypto map headoffice 13 ipsec-isakmp

set peer xx.xx.xx.xx

set transform-set headoffice

match address 103

!

access-list 103 permit ip 10.1.16.0 0.0.15.255 10.3.16.0 0.0.15.255

R2

crypto isakmp key uqef23fr923fg address

yy.yy.yy.yy

!

crypto ipsec transform-set headoffice esp-des esp-md5-hmac

!

crypto map headoffice 13 ipsec-isakmp

set peer yy.yy.yy.yy

set transform-set headoffice

match address 105

!

access-list 105 permit ip 10.3.16.0 0.0.15.255 10.1.16.0 0.0.15.255

Thank you for your anticipated response.

5 REPLIES

Re: Site-to-Site VPN connection issue

Hi

Did you check using show crypto isakmp sa and show crypto ipsec sa ?

Also is your peers reachable from both the ends ? did u check the connectivity to the peers ?

regds

New Member

Re: Site-to-Site VPN connection issue

Hi..as you can see, from my previous mail, i stated it there that i had checked WAN connectivity, and it works fine....my configs will give you all the information the show commands would.

Re: Site-to-Site VPN connection issue

When you say debug does not work what do you mean? The debug information is the quickest way to resolve these issues.

Is iskamp enabled? Is the crypto-map applied? Are the iskamp parameters matching?

The config extract you attached does not give all the information. Use the show commands to verify your configuration, and then analyze the debug information to determine the cause of the problem.

New Member

Re: Site-to-Site VPN connection issue

not sure if you left these out of the posting on purpose or not, but the things i don't see in your config are an isakmp policy:

crypto isakmp policy 4

authentication pre-share

and where you applied the crypto map to the interface:

int s0/0

crypto map headoffice

Also, i've never had my crypto map and my transform set use the same name, so i don't know if that would be a problem or not.

good luck!

--j

New Member

Re: Site-to-Site VPN connection issue

Hi, sori i left those out, but i can assure you everything i av all those configured. My crypto map was applied on the Dialer interface, and yes...it doesnt matter if your transform-set and your cryptos share the same name, as long as there's no mismatch.

155
Views
0
Helpful
5
Replies