Re: Problems with IPsec Site-to-Site VPN

Tobias.Petry · ‎12-05-2006

Hello,

I'm trying to establish a Site-to-Site VPN between an Cisco 2611XM (local site) and a Cisco 1721 (remote site). The tunnel doesn't come up, because IKE phase 1 doesn't complete. The 2611XM is configured by myself and the 1721 is configured by an administrator from an other company who is conviced that his configuration ist correct. I stared at my configuration on and on but I can't find a conclusion. Maybe you can give help. Thanks a lot.

zubairjalal · ‎12-05-2006

The crypto map VPN should be applied to the fastethernet0/0 interface.

Guys...Pls correct me if i am wrong.

regards

Zubair

Tobias.Petry · ‎12-05-2006

Thanks for your help but it's indeed not necessary. I tried it before and it doedn't make any difference.

Tobias.Petry · ‎12-05-2006

This ist the debug from the remote site, while I try to establish an IPSec tunnel.

amikat · ‎12-06-2006

Hi,

The remote box does not like your proxy identities, ie. ACLs for interesting traffic for crypto map configured at both ends seem to be different. You may consider to ask the other box configuration and adjust accordingly. As a test you may try to leave the first ACL entry only within your eds-fern-vpn ACL, ie. "permit gre host 62.153.168.101 host 62.225.181.221" and see if there is any difference.

Best regards,

Antonin

Tobias.Petry · ‎12-07-2006

Thanks a lot Antonin! After removing all ACL-Entries except the one you mentioned the tunnel came up.

Best regards,

Toby.