12-21-2009 10:40 AM
We have a PIX 515 (6.3.5) and an ASA5510 (8.2.1).
We must set up a site-to-site VPN, but we seem to have problems which we cannot find.
It seems that even the ISAKMP phase has a problem.
Below is an extract of the debug crypto isakmp output taken from the PIX.
The strange thing I noticed is that it thinks it is connecting to a VPN concentrator.
ISAKMP (0): Checking ISAKMP transform 1 against priority 5 policy
ISAKMP: default group 2
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 3
ISAKMP (0): processing vendor id payload
ISAKMP (0:0): vendor ID is NAT-T
ISAKMP (0): processing vendor id payload
ISAKMP (0:0): vendor ID is NAT-T
ISAKMP (0): processing vendor id payload
ISAKMP (0): processing vendor id payload
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_FQDN
ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
ISAKMP (0:0): Detected port floating
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:x.x.x.x, dest:y.y.y.y spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): processing vendor id payload
ISAKMP (0): received xauth v6 vendor id
ISAKMP (0): processing vendor id payload
ISAKMP (0): speaking to another IOS box!
ISAKMP (0): processing vendor id payload
ISAKMP (0): speaking to a VPN3000 concentrator
ISAKMP (0:0): Detected NAT-D payload
Can anyone tell me if there are problems with PIX 6.3 and ASA 8.x, or if there's something in the configuration?
thanks
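Added example (not part of the original posts, and not Cisco code): a small Python parser that condenses the debug crypto isakmp extract above into the offered Phase 1 proposal, whether the PIX accepted it, and the peer hints it logged. The sample lines are copied from the post; the function name summarize and the output layout are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the debug extract in the post above.
SAMPLE = """\
ISAKMP (0): Checking ISAKMP transform 1 against priority 5 policy
ISAKMP: default group 2
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 3
ISAKMP (0): processing vendor id payload
ISAKMP (0:0): vendor ID is NAT-T
ISAKMP (0:0): Detected port floating
ISAKMP (0): received xauth v6 vendor id
ISAKMP (0): speaking to a VPN3000 concentrator
ISAKMP (0:0): Detected NAT-D payload
"""

ATTR = re.compile(r"^ISAKMP:\s+(default group|encryption|hash|auth|life type in)\s+(\S+)")
LIFE = re.compile(r"life duration \(VPI\) of ((?:0x[0-9a-fA-F]+\s*)+)")
EVENT = re.compile(r"^ISAKMP \(\d+(?::\d+)?\):\s+(.*)")
HINT = re.compile(r"vendor id|speaking to|NAT-D|port floating", re.I)

def summarize(text):
    """Return (proposal dict, accepted flag, de-duplicated peer hints)."""
    proposal, accepted, hints = {}, False, []
    for line in map(str.strip, text.splitlines()):
        if m := LIFE.search(line):
            # The lifetime is printed as big-endian bytes; join them into seconds.
            raw = bytes(int(b, 16) for b in m.group(1).split())
            proposal["lifetime"] = int.from_bytes(raw, "big")
        elif m := ATTR.match(line):
            proposal[m.group(1).removesuffix(" in")] = m.group(2)
        elif m := EVENT.match(line):
            msg = m.group(1)
            if msg.startswith("atts are acceptable"):
                accepted = True  # the offered transform matched a local policy
            elif HINT.search(msg) and not msg.startswith("processing"):
                if msg not in hints:
                    hints.append(msg)
    return proposal, accepted, hints

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the extract above this reports a 3DES-CBC / SHA / group 2 / pre-share proposal with an 86400-second lifetime that the PIX accepted, so the transform set itself was not the mismatch.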
12-29-2009 04:55 AM
That's what I noticed too. I found that for some reason the ASA didn't treat the traffic as interesting and so it was encrypted.
I made the configuration again; this time I didn't use network objects in the access list used in the crypto map.
I don't know if that was the problem, but now it's working.
Thanks