Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

kindly check Dynamic & static Lan -to-Lan IPSEC VPN Tunnels configuration

Dear all,

kindly check Dynamic & static Lan -to-Lan IPSEC VPN Tunnels configuration.

static is working for branchoffice-1, Dynamic is not working for branchoffice-2, it will be great if any one could do the needful.

thanks & regards

3 REPLIES
Cisco Employee

Re: kindly check Dynamic & static Lan -to-Lan IPSEC VPN Tunnels

Zak,

You can apply one crypto map to the outside interface of the ASA. So, you need to link your dynamic crypto map to the already existing crypto map that is applied outside.

Remove the below line:

crypto map dyn-map 10 ipsec-isakmp dynamic

hwic-router

And Reconfigure it to:

crypto map outside_map 65535 ipsec-isakmp dynamic hwic-router

Regards,

Arul

*Pls rate all helpful posts*

New Member

Re: kindly check Dynamic & static Lan -to-Lan IPSEC VPN Tunnels

many thanks....

I applied the above statement... but still, tunnel is not up. Can i clear isakmp and check ? it will bring tunnels up.

please awaiting for your response

and see the below test result in 1841 router.

Failure Reason(s)

There is no response from the peer 65.190.88.5

Recommended Action(s)

1) Ensure that the peer device is configured properly. Generate the mirror configuration from 'Configure->VPN->Site to site VPN->Edit Site to Site VPN' and match it with the peer configuration. 2) A firewall in the network or peer device may be blocking the VPN traffic. Contact the ISP or administrator to resolve this issue.

thanks & regards,

New Member

Re: kindly check Dynamic & static Lan -to-Lan IPSEC VPN Tunnels

Good day,

Dear, even I clear crypto isakmp from ASA side, still not up. can u show me this, when I tracert or ping from IOS-1841 router to my target network, I can see packet are capsul. from 1841, but not decapsul. another thing is my first hob is my gateway, after that all are astrick till 30 hob, atleast It have to ping my peer. anything missing in 1841 configuration.

If anyupdates, please

thanks & regards,

153
Views
0
Helpful
3
Replies