I'm trying to establish a Site-to-Site VPN between an Cisco 2611XM (local site) and a Cisco 1721 (remote site). The tunnel doesn't come up, because IKE phase 1 doesn't complete. The 2611XM is configured by myself and the 1721 is configured by an administrator from an other company who is conviced that his configuration ist correct. I stared at my configuration on and on but I can't find a conclusion. Maybe you can give help. Thanks a lot.
The remote box does not like your proxy identities, ie. ACLs for interesting traffic for crypto map configured at both ends seem to be different. You may consider to ask the other box configuration and adjust accordingly. As a test you may try to leave the first ACL entry only within your eds-fern-vpn ACL, ie. "permit gre host 18.104.22.168 host 22.214.171.124" and see if there is any difference.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...