Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN between Concentrator 3000 and PIX 501 - PHASE 2 COMPLETED, but QM FSM

I have been having some trouble getting a remote connection established to one of our remote offices, which has a PIX 501 managing the connection. In our main office, we have a Concentrator 3000. The connection establishes, but no data is received from the remote end.

However, I use this same LAN-to-LAN setup on the Concentrator to establish to a second PIX 501 in that office with a different Internet connection (they switch manually when one goes down) and that establishes and transfers data fine.

Here's the log:

23 06/09/2006 08:35:53.570 SEV=4 AUTH/22 RPT=1 <remote public IP>

User [L2L: TPG-Ecuador] Group [L2L: TPG-Ecuador] connected, Session Type: IPSec/

LAN-to-LAN

26 06/09/2006 08:35:57.830 SEV=5 IKE/35 RPT=1 <remote public IP>

Group [L2L: TPG-Ecuador]

Received remote IP Proxy Subnet data in ID Payload:

Address 172.16.18.0, Mask 255.255.255.0, Protocol 0, Port 0

29 06/09/2006 08:35:57.830 SEV=5 IKE/34 RPT=1 <remote public IP>

Group [L2L: TPG-Ecuador]

Received local IP Proxy Subnet data in ID Payload:

Address 172.18.0.0, Mask 255.255.0.0, Protocol 0, Port 0

32 06/09/2006 08:35:57.830 SEV=5 IKE/66 RPT=1 <remote public IP>

Group [L2L: TPG-Ecuador]

IKE Remote Peer configured for SA: L2L: TPG-Ecuador

33 06/09/2006 08:35:58.030 SEV=5 IKE/35 RPT=2 <remote public IP>

Group [L2L: TPG-Ecuador]

Received remote IP Proxy Subnet data in ID Payload:

Address 172.16.18.0, Mask 255.255.255.0, Protocol 0, Port 0

36 06/09/2006 08:35:58.030 SEV=5 IKE/34 RPT=2 <remote public IP>

Group [L2L: TPG-Ecuador]

Received local IP Proxy Subnet data in ID Payload:

Address 172.16.5.0, Mask 255.255.255.0, Protocol 0, Port 0

39 06/09/2006 08:35:58.030 SEV=5 IKE/66 RPT=2 <remote public IP>

Group [L2L: TPG-Ecuador]

IKE Remote Peer configured for SA: L2L: TPG-Ecuador

40 06/09/2006 08:35:58.330 SEV=4 IKE/49 RPT=1 <remote public IP>

Group [L2L: TPG-Ecuador]

Security negotiation complete for LAN-to-LAN Group (L2L: TPG-Ecuador)

Initiator, Inbound SPI = 0x3ea0c1e7, Outbound SPI = 0x20b10bfc

43 06/09/2006 08:35:58.340 SEV=4 IKE/120 RPT=1 <remote public IP>

Group [L2L: TPG-Ecuador]

PHASE 2 COMPLETED (msgid=17aca739)

44 06/09/2006 08:35:58.500 SEV=4 IKE/49 RPT=2 <remote public IP>

Group [L2L: TPG-Ecuador]

Security negotiation complete for LAN-to-LAN Group (L2L: TPG-Ecuador)

Initiator, Inbound SPI = 0x2c3c0d43, Outbound SPI = 0x9670db86

47 06/09/2006 08:35:58.510 SEV=4 IKE/120 RPT=2 <remote public IP>

Group [L2L: TPG-Ecuador]

PHASE 2 COMPLETED (msgid=b828283a)

48 06/09/2006 08:36:06.870 SEV=5 IKE/35 RPT=3 <remote public IP>

Group [L2L: TPG-Ecuador]

Received remote IP Proxy Subnet data in ID Payload:

Address 172.16.18.0, Mask 255.255.255.0, Protocol 0, Port 0

51 06/09/2006 08:36:06.870 SEV=5 IKE/34 RPT=3 <remote public IP>

Group [L2L: TPG-Ecuador]

Received local IP Proxy Subnet data in ID Payload:

Address 172.16.3.0, Mask 255.255.255.0, Protocol 0, Port 0

54 06/09/2006 08:36:06.870 SEV=5 IKE/66 RPT=3 <remote public IP>

Group [L2L: TPG-Ecuador]

IKE Remote Peer configured for SA: L2L: TPG-Ecuador

55 06/09/2006 08:36:07.060 SEV=4 IKE/49 RPT=3 <remote public IP>

Group [L2L: TPG-Ecuador]

Security negotiation complete for LAN-to-LAN Group (L2L: TPG-Ecuador)

Initiator, Inbound SPI = 0x55ffdf81, Outbound SPI = 0xc52210fb

58 06/09/2006 08:36:07.080 SEV=4 IKE/120 RPT=3 <remote public IP>

Group [L2L: TPG-Ecuador]

PHASE 2 COMPLETED (msgid=d037e421)

Suggestions appreciated -

1 REPLY

Re: VPN between Concentrator 3000 and PIX 501 - PHASE 2 COMPLETE

Hi,

What your PIX vpn config looks like?

Rgds,

AK

111
Views
0
Helpful
1
Replies
CreatePlease login to create content