Cisco Support Community

New Member

Tunnel issue

Hi,

I have set up the tunnel in my test lab and am able to reach the peer IP firewall. ISAKMP is up but IPsec is not working, meaning I am unable to reach the inside network of the other side.

Config attached. Any suggestions/feedback?

Regards

Sateesh

5 REPLIES

Re: Tunnel issue

Your error is on Firewall A:-

crypto map VPN 70 match address TEST

The ACL TEST does not exist. Create it:

access-list TEST permit ip host 192.168.200.2 host 192.168.100.2

Test again.

New Member

Re: Tunnel issue

I have modified it, but still the same problem.

Regards

Sateesh

Re: Tunnel issue

Post the output of "show crypto isakmp sa" & "show crypto ipsec sa" from both ends when the tunnel is established.

New Member

Re: Tunnel issue

Hi,

The required output is attached.

A - 506E PIX (6.2(2)) ---- do I need to upgrade to the next, or any suggestions on that?

B- 5510 ASA

Regards

sateesh

Re: Tunnel issue

The tunnel has formed OK - traffic is being encrypted by Firewall B, and unencrypted by Firewall A. However, the issue is Firewall A is not encrypting any traffic; this could be for 2 reasons:-

1) The crypto tunnel has formed incorrectly, even though everything looks OK - reboot the firewall

2) There is a routing issue - check that the end device on network firewall A is receiving the traffic and can respond/route correctly.

HTH
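Added example, not part of the thread: a short Python check that reads `show crypto ipsec sa` text from both ends and reports, per SA, which direction is actually carrying packets, which is the comparison the last reply makes by eye. The two outputs below are constructed samples (the thread's attachments are not on the page), and the counter and ident line layout is assumed to follow the usual PIX/ASA format.

```python
import re

# Constructed sample excerpts of "show crypto ipsec sa"; not the thread's attachments.
FIREWALL_A = """\
   local  ident (addr/mask/prot/port): (192.168.200.2/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (192.168.100.2/255.255.255.255/0/0)
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 14, #pkts decrypt: 14, #pkts verify 14
"""
FIREWALL_B = """\
   local  ident (addr/mask/prot/port): (192.168.100.2/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (192.168.200.2/255.255.255.255/0/0)
    #pkts encaps: 14, #pkts encrypt: 14, #pkts digest 14
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
"""

IDENT = re.compile(r"(local|remote)\s+ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA: local/remote proxy identity and encaps/decaps counters."""
    sas = []
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            if m.group(1) == "local":          # a "local ident" line starts a new SA
                sas.append({"encaps": 0, "decaps": 0})
            if sas:
                sas[-1][m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        for key, val in COUNT.findall(line):
            if sas:
                sas[-1][key] = int(val)
    return sas

def direction(sa):
    """Classify an SA by which counters have moved."""
    if sa["encaps"] and sa["decaps"]:
        return "both"
    if sa["decaps"]:
        return "decrypt-only"
    return "encrypt-only" if sa["encaps"] else "idle"

def compare(a_text, b_text):
    """Pair each SA on A with its mirror on B (local/remote swapped) and classify both."""
    b_sas = {(s.get("remote"), s.get("local")): s for s in parse_sas(b_text)}
    findings = []
    for sa in parse_sas(a_text):
        peer = b_sas.get((sa.get("local"), sa.get("remote")))
        findings.append((sa.get("local"), sa.get("remote"), direction(sa),
                         direction(peer) if peer else "no mirrored SA"))
    return findings

if __name__ == "__main__":
    for row in compare(FIREWALL_A, FIREWALL_B):
        print(row)
```

A "decrypt-only" side paired with an "encrypt-only" peer is the one-way pattern described in the last reply; "no mirrored SA" means the proxy identities on the two ends do not match each other.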
