
New Member

Problems with VPN to Juniper Redundant Firewall Active Active setup.

I am using a 6500 with VPN Accelerator on this device. I have a dozen other VPN connections, GRE and IPSEC, to routers and ASA and other Juniper firewalls.

They all work perfectly.

The error I get is map_db_find_best did not find matching map (Never seen this error before)

IPSEC(crypto_ipsec_process_proposal); no IPSEC cryptomap exists for local address x.x.x.x (There is a crypto map)

ISAKMP: phase 2 SA policy not acceptable

It has 2 peers:

sw1 --- Juniper1

      \ Juniper2

I can't put the whole config for security reasons.

Any help would be greatly appreciated.

5 REPLIES

Problems with VPN to Juniper Redundant Firewall Active Active s

Dear Cecil,

Could you please double-check and make sure you have the right IP address in the right crypto map?

Thanks.

New Member

Problems with VPN to Juniper Redundant Firewall Active Active s

It passes isa phase 1 and has 2 peer addresses.  I 2 peer addresses the problem.

New Member

Problems with VPN to Juniper Redundant Firewall Active Active s

Is it the 2 peers that are the problem?

Re: Problems with VPN to Juniper Redundant Firewall Active Acti

What do you mean by 2 peers? Both in the same crypto map or two different crypto maps?

Could you please elaborate a little bit more on the config details?

Thanks.

New Member

Problems with VPN to Juniper Redundant Firewall Active Active s

crypto isakmp key SOMEKEY address x.x.x.33 no-xauth
crypto isakmp key SOMEKEY address x.x.x.41 no-xauth

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto ipsec transform-set 3des-tunel esp-3des esp-md5-hmac

crypto map IPSecTunnel 90 ipsec-isakmp
 set peer x.x.x.33
 set peer x.x.x.41
 set transform-set 3des-tunnel
 set pfs group2
 match address SOMENAME

ip access ex SOMENAME
 10 permit tcp host LocalhostIP host RemotehostIP
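
A name-consistency check for a crypto map fragment like the one posted above, as an added example that is not part of the thread or any Cisco tool: it reports crypto map entries whose `set transform-set` or `match address` names have no matching definition. The function name `undefined_references` is hypothetical, the sample is a constructed copy of the posted lines, and only named extended ACLs are recognised.

```python
import re

# Constructed sample: the fragment from the thread, names exactly as posted.
SAMPLE_CONFIG = """\
crypto ipsec transform-set 3des-tunel esp-3des esp-md5-hmac
crypto map IPSecTunnel 90 ipsec-isakmp
 set peer x.x.x.33
 set peer x.x.x.41
 set transform-set 3des-tunnel
 set pfs group2
 match address SOMENAME
ip access ex SOMENAME
 10 permit tcp host LocalhostIP host RemotehostIP
"""

TS_DEF = re.compile(r"crypto ipsec transform-set (\S+)")
# Accepts the abbreviated form used in the post as well as the full keyword.
ACL_DEF = re.compile(r"ip access(?:-list)? ex(?:tended)? (\S+)")
MAP_DEF = re.compile(r"crypto map (\S+) (\d+) ipsec-isakmp")


def undefined_references(config):
    """Return (map, seq, kind, name) for every crypto map reference
    to a transform set or named extended ACL that is never defined."""
    defined = {"transform-set": set(), "access-list": set()}
    refs = []      # references in config order
    entry = None   # crypto map entry whose sub-commands are being read
    for line in (raw.strip() for raw in config.splitlines()):
        if m := TS_DEF.match(line):
            defined["transform-set"].add(m.group(1))
            entry = None
        elif m := ACL_DEF.match(line):
            defined["access-list"].add(m.group(1))
            entry = None
        elif m := MAP_DEF.match(line):
            entry = (m.group(1), int(m.group(2)))
        elif entry and line.startswith("set transform-set "):
            # One entry may list several transform sets in preference order.
            refs += [entry + ("transform-set", n) for n in line.split()[2:]]
        elif entry and line.startswith("match address "):
            refs.append(entry + ("access-list", line.split()[2]))
    return [r for r in refs if r[3] not in defined[r[2]]]


if __name__ == "__main__":
    for name, seq, kind, ref in undefined_references(SAMPLE_CONFIG):
        print(f"crypto map {name} {seq}: {kind} '{ref}' is not defined")
```

On the lines as posted it reports the `3des-tunnel` reference, because the transform set is defined as `3des-tunel`; the thread does not show whether that difference exists on the device or only in the retyped post.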
