Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn site-to-stie w/wpn clients

I inherited an issue with a site-to-site vpn connection. It's looks like below w/nat being done on r1 for the pix. The vpn clients can connect but the site-to-site won't come up. To compound the issue R1 has two internet connections so policy routing is being used. Any assistance would be greatly appreciated.

Pix--R1--Internet--R2--checkpt

I've attached pix, router, and isakmp debug.

thanks.

Josh

2 REPLIES
Cisco Employee

Re: vpn site-to-stie w/wpn clients

I see that the isakmp gets stuck in the below state, which could be something to do with the PSK>

69.25.174.245 172.16.200.1 MM_KEY_EXCH

Can you make sure that the preshared key is matching on both the sides.

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: vpn site-to-stie w/wpn clients

thanks Arul, the keys do match. The tunnel works when I take out the nat-traversal command, but when added back the far end still see me trying port 4500 to connect.

106
Views
0
Helpful
2
Replies