Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

pix site-to-site ipsec vpn with 3com router

Hi

I am trying to establish an Ipsec VPN (site-to-site)between pix 515e running 6.3 and 3com router. I have configured both the sides with all required stuff and now my tunnel comes up only when i intiate the traffic (ipsec protected) from the 3com router connected LAN. My tunnel is not coming up when I intiate the traffic from the pix side LAN.

I have pasted the debug output below

Also I would like to know wether I can have an voip traffic on the ipsec tunnel over internet.

ISAKMP (0): beginning Quick Mode exchange, M-ID of -371210695:e9dfc639IPSEC(key_engine): got a queue event...

IPSEC(spi_response): getting spi 0xdb86bfa3(3683041187) for SA

from x.x.236.24 to x.x.236.219 for prot 3

crypto_isakmp_process_block:src:x.x.236.24, dest:x.x.236.219 spt:500 dpt:500

OAK_QM exchange

oakley_process_quick_mode:

OAK_QM_IDLE

ISAKMP (0): processing SA payload. message ID = 3923756601

ISAKMP : Checking IPSec proposal 1

ISAKMP: transform 1, ESP_3DES

ISAKMP: attributes in transform:

ISAKMP: encaps is 1

ISAKMP: SA life type in seconds

ISAKMP: SA life duration (basic) of 28800

ISAKMP: SA life type in kilobytes

ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0

ISAKMP: authenticator is HMAC-MD5

ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,

(key eng. msg.) dest= x.x.236.24, src= x.x.236.219,

dest_proxy= 172.16.50.1/255.255.255.255/0/0 (type=1),

src_proxy= 10.1.7.111/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-3des esp-md5-hmac ,

lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

ISAKMP (0): processing NONCE payload. message ID = 3923756601

ISAKMP (0): processing ID payload. message ID = 3923756601

ISAKMP (0): processing ID payload. message ID = 3923756601

ISAKMP (0): processing NOTIFY payload 24576 protocol 3

spi 1262812653, message ID = 3923756601

ISAKMP (0): processing responder lifetime

ISAKMP (0): responder lifetime of 3600s

ISAKMP (0): responder lifetime of 1843200kbmap_alloc_entry: allocating entry 2

map_alloc_entry: allocating entry 1

ISAKMP (0): Creating IPSec SAs

inbound SA from x.x.236.24 to x.x.236.219 (proxy 172.16.50.1 to 10.1.7.111)

has spi 3683041187 and conn_id 2 and flags 4

lifetime of 3600 seconds

lifetime of 1843200 kilobytes

outbound SA from x.x.236.219 to x.x.236.24 (proxy 10.1.7.111 to 172.16.50.1)

has spi 1262812653 and conn_id 1 and flags 4

lifetime of 3600 seconds

lifetime of 1843200 kilobytesIPSEC(key_engine): got a queue event...

IPSEC(initialize_sas): ,

(key eng. msg.) dest= x.x.236.219, src= x.x.236.24,

dest_proxy= 10.1.7.111/255.255.255.255/0/0 (type=1),

src_proxy= 172.16.50.1/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-3des esp-md5-hmac ,

lifedur= 3600s and 1843200kb,

spi= 0xdb86bfa3(3683041187), conn_id= 2, keysize= 0, flags= 0x4

IPSEC(initialize_sas): ,

(key eng. msg.) src= x.x.236.219, dest= x.x.236.24,

src_proxy= 10.1.7.111/255.255.255.255/0/0 (type=1),

dest_proxy= 172.16.50.1/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-3des esp-md5-hmac ,

lifedur= 3600s and 1843200kb,

spi= 0x4b44fded(1262812653), conn_id= 1, keysize= 0, flags= 0x4

VPN Peer: IPSEC: Peer ip:x.x.236.24/500 Ref cnt incremented to:2 Total VPN Peers:1

VPN Peer: IPSEC: Peer ip:x.x.236.24/500 Ref cnt incremented to:3 Total VPN Peers:1

return status is IKMP_NO_ERROR

ISADB: reaper checking SA 0x120706c, conn_id = 0

344
Views
0
Helpful
0
Replies