10-06-2010 12:07 PM - edited 02-21-2020 04:53 PM
I have a L2L IPsec tunnel built between a 5520 and a 5510. I am pretty sure I have configured everything I need to, but when I do a show cry ipsec sa there is nothing there. I am sure the firewalls in between are opened up to allow the connections as well. Also, every time I configured a part of the crypto map, like the command: crypto map outside_map 10 set peer 6.7.0.13, it would come back with this error:
[IKEv1]: Ignoring msg to mark SA with specified coordinates <outside_map, 10> dead.
Any ideas?
10-06-2010 02:17 PM
Hi,
Could you please paste the output of the following command "show run crypto" from both the ASAs? Also, what do you see when you give "show cry isa sa"?
Also, if your crypto ACLs for the tunnel have something like this: "access-list ACL extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp"
Change the ACL to ip, i.e. "access-list ACL extended permit ip host 192.168.11.11 host 10.1.100.105". Let me know if that helps.
Thanks,
Namit
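An added example, not part of either post and not a Cisco tool: a short Python check for the crypto ACL point raised in the reply above. It scans a saved running config for ACLs referenced by `crypto map ... match address` and reports entries whose protocol is not `ip`; the sample config is constructed and `find_non_ip_crypto_aces` is a hypothetical helper name.

```python
import re

# Constructed sample resembling "show run" output. The first ACL entry and the
# peer address are quoted from the thread; every other line is made up.
SAMPLE_CONFIG = """\
access-list ACL extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp
access-list ACL extended permit ip host 192.168.11.12 host 10.1.100.105
access-list INSIDE_IN extended permit tcp any any eq www
crypto map outside_map 10 match address ACL
crypto map outside_map 10 set peer 6.7.0.13
"""

MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) ")


def find_non_ip_crypto_aces(config):
    """Return (map, seq, acl, protocol, line) for every entry of a crypto ACL
    whose protocol field is something other than 'ip'."""
    lines = [raw.strip() for raw in config.splitlines()]

    # Pass 1: which ACL names are bound to a crypto map entry?
    crypto_acls = {}
    for line in lines:
        m = MATCH_RE.match(line)
        if m:
            crypto_acls.setdefault(m.group(3), []).append((m.group(1), int(m.group(2))))

    # Pass 2: inspect only the entries of those ACLs; interface ACLs such as
    # INSIDE_IN may legitimately filter on tcp/udp ports and are skipped.
    findings = []
    for line in lines:
        m = ACE_RE.match(line)
        if not m or m.group(1) not in crypto_acls:
            continue
        protocol = m.group(3)
        if protocol != "ip":
            for map_name, seq in crypto_acls[m.group(1)]:
                findings.append((map_name, seq, m.group(1), protocol, line))
    return findings


if __name__ == "__main__":
    for finding in find_non_ip_crypto_aces(SAMPLE_CONFIG):
        print("crypto map %s %d: ACL %s uses protocol '%s': %s" % finding)
```

Run it against the "show run" output of both ASAs; an empty result means every crypto ACL entry already uses `ip`.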