Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
2
Replies

VPN between Cisco 1710 and Alcatel OmniPCX Office

l.cabral
Level 1
Level 1

‎08-11-2003 04:39 AM - edited ‎02-21-2020 12:42 PM

Hi,

We need to setup a VPN between a Cisco 1710 (IOS 12.2(13)T5)router as the hub router and an Alcatel OmniPCX Office (release 1.1) as a remote office. By now we're getting many ISAKMP SAs established but IPSEC phase is not even initiated.

Here are a couple of show commands:

sfe#sh cryp isa sa

dst src state conn-id slot

192.168.31.1 192.168.31.10 QM_IDLE 4 0

192.168.31.1 192.168.31.10 QM_IDLE 32 0

192.168.31.1 192.168.31.10 QM_IDLE 21 0

192.168.31.1 192.168.31.10 QM_IDLE 16 0

192.168.31.1 192.168.31.10 QM_IDLE 6 0

192.168.31.1 192.168.31.10 QM_IDLE 8 0

192.168.31.1 192.168.31.10 QM_IDLE 9 0

192.168.31.1 192.168.31.10 QM_IDLE 14 0

192.168.31.1 192.168.31.10 QM_IDLE 1 0

192.168.31.1 192.168.31.10 QM_IDLE 25 0

192.168.31.1 192.168.31.10 QM_IDLE 24 0

192.168.31.1 192.168.31.10 QM_IDLE 28 0

192.168.31.1 192.168.31.10 QM_IDLE 31 0

192.168.31.1 192.168.31.10 QM_IDLE 7 0

192.168.31.1 192.168.31.10 QM_IDLE 5 0

192.168.31.1 192.168.31.10 QM_IDLE 13 0

192.168.31.1 192.168.31.10 QM_IDLE 27 0

192.168.31.1 192.168.31.10 QM_IDLE 19 0

192.168.31.1 192.168.31.10 QM_IDLE 26 0

192.168.31.1 192.168.31.10 QM_IDLE 15 0

192.168.31.1 192.168.31.10 QM_IDLE 34 0

192.168.31.1 192.168.31.10 QM_IDLE 29 0

192.168.31.1 192.168.31.10 QM_IDLE 10 0

192.168.31.1 192.168.31.10 QM_IDLE 23 0

192.168.31.1 192.168.31.10 QM_IDLE 11 0

192.168.31.1 192.168.31.10 QM_IDLE 18 0

192.168.31.1 192.168.31.10 QM_IDLE 3 0

192.168.31.1 192.168.31.10 QM_IDLE 2 0

192.168.31.1 192.168.31.10 QM_IDLE 22 0

192.168.31.1 192.168.31.10 QM_IDLE 12 0

192.168.31.1 192.168.31.10 QM_IDLE 30 0

192.168.31.1 192.168.31.10 QM_IDLE 33 0

192.168.31.1 192.168.31.10 QM_IDLE 20 0

192.168.31.1 192.168.31.10 QM_IDLE 17 0

sfe#

sfe#sh cryp ipse sa

sfe#

Lab topology is:

192.168.30.0/24----192.168.31.0/24----192.168.32.0/24

Alcatel LAN-------- Internet -------Cisco LAN

It seems that Alcatel is using a Linux/Freeswan VPN base, but it's not very administrable, so I assume all tuning must be done in the router side.

Any help will be really appreciated,

chabral

Labels:
0 Helpful
2 Replies 2

vkapoor5
Level 5
Level 5

‎08-14-2003 12:27 PM

IPSec SAs will be formed only when all the ISAKMP SAs are established. So you will have to first check the ISAKMP configurations on both sides. Make sure you have atleast one matching ISAKMP policy between the two peers.

Here is the Cisco website that gives a lot of examples on how to configue IPSec between Cisco routers and other devices like PCs. etc.

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:IPSec&viewall=true

0 Helpful

l.cabral
Level 1
Level 1

‎08-28-2003 04:44 AM

Just for the record, still no way of doing it work with a router, but no problem workig with a pix. It seems IOS soft and PIX soft handle ipsec in different ways.

If I've some news, i'll tell you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents