ipsec

Dear sir,

I am trying to configure an IP tunnel on a Cisco PIX 515. I got the configuration from our customer's IT, but I am not able to establish the connection.

Can somebody help?

Here is my configuration as per our client, and the debug test:

access-list inside_outbound_nat0_acl permit ip host 152.153.195.22 194.xxx.xxx.xxx 255.255.255.252

access-list outside_cryptomap_20 permit ip host 152.153.195.22 194.xxx.xxx.xxx 255.255.255.252

nat (inside) 0 access-list inside_outbound_nat0_acl

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 20 ipsec-isakmp

crypto map outside_map 20 match address outside_cryptomap_20

crypto map outside_map 20 set peer 194.xxx.xxx.xxx

crypto map outside_map 20 set transform-set ESP-DES-MD5

crypto map outside_map 20 set security-association lifetime seconds 28800 kilobytes 7200

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address 194.xxx.xxxx.xxx netmask 255.255.255.255 no-xauth no-config-mode

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 1

isakmp policy 20 lifetime 7200

Debug test:

ISAKMP (0): beginning Main Mode exchange

ISAKMP (0): retransmitting phase 1 (0)...IPSEC(key_engine): request timer fired:

count = 1,

(identity) local= 212.xxx.xxx.xxx, remote= 194.xxx.xxx.xxx,

local_proxy= 152.153.195.22/255.255.255.255/0/0 (type=1),

remote_proxy= 194.xxx.xxx.xxx/255.255.255.252/0/0 (type=4)

ISAKMP (0): retransmitting phase 1 (1)...

ISAKMP (0): deleting SA: src 212.xxx.xxx.xxx, dst 194.xxx.xxx.xxx

ISADB: reaper checking SA 0xf9fc6c, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for 194.xxx.xxx.xxx/500 not found - peers:0

IPSEC(key_engine): request timer fired: count = 2,

(identity) local= 212.xxx.xxx.xxx, remote= 194.39.131.169,

local_proxy= 152.153.195.22/255.255.255.255/0/0 (type=1),

remote_proxy= 194.xxx.xxx.xxx/255.255.255.252/0/0 (type=4)

Regards,

Yaseen


Re: ipsec

Assuming a LAN-to-LAN VPN tunnel is the aim, the ACLs are inaccurate.

access-list inside_outbound_nat0_acl permit ip

access-list outside_cryptomap_20 permit ip
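
The debug output posted in the question, triaged as an added example (not part of the original thread and not Cisco code): it reports how far the IKE negotiation got and decodes the `type=` values on the proxy identities. The function name `triage`, the stage labels and the Quick Mode marker string are assumptions made for this example.

```python
import re

# Debug lines copied from the question above (addresses redacted as posted).
SAMPLE = """\
ISAKMP (0): beginning Main Mode exchange
ISAKMP (0): retransmitting phase 1 (0)...IPSEC(key_engine): request timer fired:
count = 1,
(identity) local= 212.xxx.xxx.xxx, remote= 194.xxx.xxx.xxx,
local_proxy= 152.153.195.22/255.255.255.255/0/0 (type=1),
remote_proxy= 194.xxx.xxx.xxx/255.255.255.252/0/0 (type=4)
ISAKMP (0): retransmitting phase 1 (1)...
ISAKMP (0): deleting SA: src 212.xxx.xxx.xxx, dst 194.xxx.xxx.xxx
ISADB: reaper checking SA 0xf9fc6c, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for 194.xxx.xxx.xxx/500 not found - peers:0
"""

RETRANS = re.compile(r"retransmitting phase 1 \((\d+)\)")
DELETED = re.compile(r"deleting SA: src (\S+), dst (\S+)")
PROXY = re.compile(r"(local|remote)_proxy= (\S+?)/(\S+?)/\d+/\d+ \(type=(\d+)\)")
# IPsec DOI identity types (RFC 2407): 1 is a single host, 4 is a subnet.
ID_TYPES = {1: "ID_IPV4_ADDR", 4: "ID_IPV4_ADDR_SUBNET"}
# Assumption: typical PIX wording for the start of phase 2; not on this page.
PHASE2 = "beginning Quick Mode exchange"


def triage(debug_text):
    """Summarise how far the IKE negotiation in a PIX debug capture got."""
    started = "beginning Main Mode exchange" in debug_text
    retransmits = len(RETRANS.findall(debug_text))
    deleted = DELETED.search(debug_text) is not None
    proxies = {}
    for side, addr, mask, id_type in PROXY.findall(debug_text):
        proxies[side] = (addr, mask, ID_TYPES.get(int(id_type), "other"))
    if PHASE2 in debug_text:
        stage = "phase2_started"
    elif started and retransmits and deleted:
        # Main Mode packets were resent and the half-open SA was reaped,
        # so phase 1 never completed in this capture.
        stage = "phase1_timed_out"
    elif started:
        stage = "phase1_in_progress"
    else:
        stage = "no_ike_activity"
    return {"stage": stage, "phase1_retransmits": retransmits, "proxies": proxies}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
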
