11-29-2007 12:19 PM - edited 02-21-2020 03:24 PM
The VPN isn't coming up. I configured the ASA manually and used the SDM for the router, hence the poor naming in my config.
The ASA protects 191.1.1.0/24 and the router protects 192.168.1.0/24
Any help would be great as this is wrecking my head. The remote access vpns work fine to the ASA and have removed some from the config.
11-29-2007 02:23 PM
do this:
no crypto map VPN 1 ipsec-isakmp dynamic dyn1
crypto map VPN 65535 ipsec-isakmp dynamic dyn1
You have to make the dynamic with the largest
crypto map sequence number. Cisco doesn't
enforce it in version 6.x but they decide to do
this in version 7.x
12-03-2007 09:41 AM
hi i tried this and still no joy. I'm going to clear off all the crypto configs and see what happens when I re-configure
12-03-2007 10:54 AM
Before you clear the configs, can you run "deb cry is" and "deb cry ipsec", try to bring up the tunnel and capture the debug outputs and post it in the forum.
Regards,
Arul
12-03-2007 01:25 PM
first thing i see, is that you are missing a transform set on your ASA:
crypto map VPN 3 match address SITE-VPN
you're using it, but it's not defined. moving the dynamic statement to the end is definitely good practice as well.
-brad
(please rate the post if this helps!)
12-10-2007 11:01 AM
HI All,
thanks for your comments but there was a problem with the router config. Once I ran the wizard again it brought the tunnel up
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide