Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems with IPsec Site-to-Site VPN

Hello,

I'm trying to establish a Site-to-Site VPN between an Cisco 2611XM (local site) and a Cisco 1721 (remote site). The tunnel doesn't come up, because IKE phase 1 doesn't complete. The 2611XM is configured by myself and the 1721 is configured by an administrator from an other company who is conviced that his configuration ist correct. I stared at my configuration on and on but I can't find a conclusion. Maybe you can give help. Thanks a lot.

5 REPLIES
Bronze

Re: Problems with IPsec Site-to-Site VPN

The crypto map VPN should be applied to the fastethernet0/0 interface.

Guys...Pls correct me if i am wrong.

regards

Zubair

New Member

Re: Problems with IPsec Site-to-Site VPN

Thanks for your help but it's indeed not necessary. I tried it before and it doedn't make any difference.

New Member

Re: Problems with IPsec Site-to-Site VPN

This ist the debug from the remote site, while I try to establish an IPSec tunnel.

Silver

Re: Problems with IPsec Site-to-Site VPN

Hi,

The remote box does not like your proxy identities, ie. ACLs for interesting traffic for crypto map configured at both ends seem to be different. You may consider to ask the other box configuration and adjust accordingly. As a test you may try to leave the first ACL entry only within your eds-fern-vpn ACL, ie. "permit gre host 62.153.168.101 host 62.225.181.221" and see if there is any difference.

Best regards,

Antonin

New Member

Re: Problems with IPsec Site-to-Site VPN

Thanks a lot Antonin! After removing all ACL-Entries except the one you mentioned the tunnel came up.

Best regards,

Toby.

214
Views
0
Helpful
5
Replies