Cisco Support Community
New Member

VPN PIX Firewall 6.3(5) issue

Hi

I'm trying to configure a LAN-to-LAN VPN in 2 locations.

But this VPN tunnel is not working. These are the details of the VPN tunnel:

crypto map:

Transform-Set 3des, sha, group2, lifetime 3600, the peer, and an access-list (host-to-host)

isakmp pre-share, 3des, sha, df group 2, lifetime 86400.

I'm getting this in the debug crypto isakmp. Does anyone know if I am missing some details in the configuration?

Debug ISAKMP:

ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy

ISAKMP: encryption 3DES-CBC

ISAKMP: hash SHA

ISAKMP: default group 2

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (basic) of 3600

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): processing vendor id payload

ISAKMP (0): received xauth v6 vendor id

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to another IOS box!

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a VPN3000 concentrator

ISAKMP (0): ID payload

next-payload : 8

type : 1

protocol : 17

port : 500

length : 8

ISAKMP (0): Total payload length: 12

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

OAK_MM exchange

ISAKMP (0): processing ID payload. message ID = 0

ISAKMP (0): processing HASH payload. message ID = 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): SA has been authenticated

ISAKMP (0): beginning Quick Mode exchange, M-ID of 426085703:19658d47

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

ISAKMP (0): processing NOTIFY payload 18 protocol 1

spi 0, message ID = 2277627688

return status is IKMP_NO_ERR_NO_TRANS

crypto_isakmp_process_block:src:xxx.xxx.xxx.xxx, dest:xxx.xxx.xxx.xxx spt:500 dpt:500

ISAKMP (0): processing DELETE payload. message ID = 2920063985, spi size = 16

ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst xxx.xxx.xxx.xxx

return status is IKMP_NO_ERR_NO_TRANS

ISADB: reaper checking SA 0x13ab0cc, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for xxx.xxx.xxx.xxx/500 not found - peers:2

ISADB: reaper checking SA 0x12095cc, conn_id = 0

1 REPLY
New Member

Re: VPN PIX Firewall 6.3(5) issue

The cause of the issue was the remote peer; the parameters of phase 2 were wrong.
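
The debug output in the question can be read mechanically to find the stage where the negotiation stopped. The script below is an added example, not part of the original thread or any Cisco tooling; the function name `diagnose` is hypothetical, and it assumes the number printed after `NOTIFY payload` is the RFC 2408 notify message type.

```python
import re

# ISAKMP notify error types, subset of RFC 2408 section 3.14.1.
NOTIFY_ERRORS = {
    14: "NO-PROPOSAL-CHOSEN",
    18: "INVALID-ID-INFORMATION",
    23: "INVALID-HASH-INFORMATION",
    24: "AUTHENTICATION-FAILED",
}
NOTIFY_RE = re.compile(r"processing NOTIFY payload (\d+) protocol (\d+)")

def diagnose(log_text):
    """Return where an IKEv1 negotiation stopped, from PIX ISAKMP debug text."""
    phase1_ok = quick_mode = deleted = False
    errors = []
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if "SA has been authenticated" in line:
            phase1_ok = True
        elif "beginning Quick Mode exchange" in line:
            quick_mode = True
        elif m and int(m.group(1)) < 16384:
            # Assumption: the number printed is the RFC 2408 notify type;
            # values below 16384 are errors, higher ones are status messages.
            code = int(m.group(1))
            errors.append((code, NOTIFY_ERRORS.get(code, "UNLISTED-ERROR")))
        elif "processing DELETE payload" in line:
            deleted = True
    if not phase1_ok:
        stage = "phase1"
    elif quick_mode and (errors or deleted):
        stage = "phase2"
    else:
        stage = "none"
    return {"failed_stage": stage, "peer_errors": errors, "peer_deleted_sa": deleted}

# Lines copied from the debug output in the post above.
POSTED_EXCERPT = """\
ISAKMP (0): SA has been authenticated
ISAKMP (0): beginning Quick Mode exchange, M-ID of 426085703:19658d47
ISAKMP (0): processing NOTIFY payload 18 protocol 1
ISAKMP (0): processing DELETE payload. message ID = 2920063985, spi size = 16
"""

if __name__ == "__main__":
    print(diagnose(POSTED_EXCERPT))
```

For the posted log this reports a phase 2 failure with notify 18 (INVALID-ID-INFORMATION), which concerns the Quick Mode identities, so the host-to-host access-list on each peer is the first thing to compare.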
