Tunnels not coming up

JUSTIN LOUCKS · ‎03-08-2004

I am trying to implement GRE tunnels for Site-to-Site VPN using routers. I am having problems getting this to work. My head-end router is currently behind my PIX firewall and I am using a static translation to publish it to the outside world. The traffic does not seem to be flowing properly though. I have turned on debugging, but I'm not seeing much at all. What types of traffic are to be allowed through the PIX to the router? I currently have conduits in the PIX to allow UDP eq ISAKMP, ESP, and GRE. Am I missing something?

Any assistance would be greatly appreciated. I can post configs if desired.

JUSTIN LOUCKS · ‎03-08-2004

Attached are some of the debug messages I am getting on the head-end router for ISAKMP if anyone can pinpoint the problem from this.

JUSTIN LOUCKS · ‎03-08-2004

Attached are some of the debug messages I am getting on the head-end router for ISAKMP if anyone can pinpoint the problem from this.

JUSTIN LOUCKS · ‎03-08-2004

I'm getting closer now. I had found another post in the VPN Security forums about allowing port UDP 4500 through the PIX and that has helped a little bit, but the tunnel is still not coming up. Here is the latest ISAKMP debug from the remote router.