12-05-2006 05:33 AM - edited 02-21-2020 02:45 PM
Hello,
I'm trying to establish a Site-to-Site VPN between an Cisco 2611XM (local site) and a Cisco 1721 (remote site). The tunnel doesn't come up, because IKE phase 1 doesn't complete. The 2611XM is configured by myself and the 1721 is configured by an administrator from an other company who is conviced that his configuration ist correct. I stared at my configuration on and on but I can't find a conclusion. Maybe you can give help. Thanks a lot.
12-05-2006 11:11 AM
The crypto map VPN should be applied to the fastethernet0/0 interface.
Guys...Pls correct me if i am wrong.
regards
Zubair
12-05-2006 11:53 PM
Thanks for your help but it's indeed not necessary. I tried it before and it doedn't make any difference.
12-05-2006 11:57 PM
12-06-2006 02:43 PM
Hi,
The remote box does not like your proxy identities, ie. ACLs for interesting traffic for crypto map configured at both ends seem to be different. You may consider to ask the other box configuration and adjust accordingly. As a test you may try to leave the first ACL entry only within your eds-fern-vpn ACL, ie. "permit gre host 62.153.168.101 host 62.225.181.221" and see if there is any difference.
Best regards,
Antonin
12-07-2006 02:10 AM
Thanks a lot Antonin! After removing all ACL-Entries except the one you mentioned the tunnel came up.
Best regards,
Toby.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide