07-29-2008 02:50 PM
Dear All,
I have 2 branch routers being configured for site-to-site VPN, but the tunnel is not coming up!
I ran debug and I am attaching herewith the output for your kind review and recommendation. I am also attaching here the configs of the 2 branch routers.
Any idea on why the Site-to-site VPN is not coming up?
Regards,
Haitham
07-29-2008 02:55 PM
On the HQ and the branch, please put
crypto isakmp key ****** address X.X.X.X NO-XAUTH
at the end of your crypto isakmp key.
-Joe
07-29-2008 10:29 PM
Hi Joe,
Yes it worked perfectly...
So, what is the need for NO-XAUTH here? I have configured multiple site-to-site VPNs without using this keyword!
Is it because I am configuring remote access VPN on the HQ router?
Regards,
Haitham
07-30-2008 07:06 AM
You got it!
Only because you re-used the same crypto map for both the LAN-to-LAN and the VPN-client traffic.
This is from the DOC CD:
no-xauth
(Optional) Use this keyword if router-to-router IP Security (IPSec) is on the same crypto map as a Virtual Private Network (VPN)-client-to-Cisco-IOS IPSec. This keyword prevents the router from prompting the peer for extended authentication (Xauth) information (username and password).
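
A check for the condition this thread describes, as an added example that is not part of the original posts: a Python script that reads an IOS configuration and lists site-to-site peers that sit on a crypto map with client (Xauth) authentication enabled while their crypto isakmp key line lacks no-xauth. The sample configuration (map name, list name, addresses, keys) is constructed, and the function name is hypothetical.

```python
import re

# Constructed sample: one crypto map serves LAN-to-LAN peers and VPN clients.
# Map name, list name, addresses and keys are made up for this example.
SAMPLE_CONFIG = """\
crypto isakmp key ExampleKey1 address 192.0.2.10
crypto isakmp key ExampleKey2 address 192.0.2.20 no-xauth
crypto map VPNMAP client authentication list VPNUSERS
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.10
 match address 110
crypto map VPNMAP 20 ipsec-isakmp
 set peer 192.0.2.20
 match address 120
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
"""

KEY_RE = re.compile(r"^crypto isakmp key .+? address (\S+)(.*)$", re.I)
XAUTH_RE = re.compile(r"^crypto map (\S+) client authentication list \S+", re.I)
ENTRY_RE = re.compile(r"^crypto map (\S+) \d+ ipsec-isakmp", re.I)
PEER_RE = re.compile(r"^\s+set peer (\S+)", re.I)

def peers_missing_no_xauth(config):
    """Return sorted (crypto_map, peer) pairs the router would prompt for Xauth."""
    xauth_maps, map_peers, has_no_xauth = set(), {}, {}
    current = None  # crypto map entry whose indented sub-commands we are inside
    for line in config.splitlines():
        if m := XAUTH_RE.match(line):
            xauth_maps.add(m.group(1))
        if m := KEY_RE.match(line):
            # Anything after the address (mask, no-xauth) lands in group 2.
            has_no_xauth[m.group(1)] = "no-xauth" in m.group(2).lower().split()
        if m := ENTRY_RE.match(line):
            current = m.group(1)
        elif (m := PEER_RE.match(line)) and current:
            map_peers.setdefault(current, set()).add(m.group(1))
        elif not line.startswith(" "):
            current = None  # a new top-level command ends the map entry
    # Flag only peers with their own pre-shared key that lacks no-xauth.
    return sorted(
        (name, peer)
        for name in xauth_maps
        for peer in map_peers.get(name, ())
        if has_no_xauth.get(peer) is False
    )

if __name__ == "__main__":
    for name, peer in peers_missing_no_xauth(SAMPLE_CONFIG):
        print(f"{name}: add no-xauth to the isakmp key for peer {peer}")
```

Peers authenticated by certificates or matched only by a wildcard key are not reported, because the check looks only at keys bound to the exact peer address.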