
VPN Problem

Dears,

I'm creating a VPN tunnel with a SonicWall firewall and I'm getting so many VPN associations, as given below, and the number is increasing.

Albinali#sh crypto isakmp sa
dst             src             state          conn-id slot status
Y.Y.Y.Y         X.X.X.X         QM_IDLE             24    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             23    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             22    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             21    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             20    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             19    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             18    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             17    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             16    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             15    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             14    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             13    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             12    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             11    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE             10    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE              9    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE              8    0 ACTIVE
Y.Y.Y.Y         X.X.X.X         QM_IDLE              7    0 ACTIVE

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key dell@8574882 address 212.76.83.50
crypto isakmp identity hostname
crypto isakmp ccm
!
!
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
crypto identity hostname
!
!
crypto map VPN_MAP 1 ipsec-isakmp
 set peer X.X.X.X
 set security-association lifetime seconds 86400
 set transform-set vpn
 match address vpn
!
!
!
!
interface FastEthernet0/0
 description Towards_LAN
 ip address 172.21.81.1 255.255.255.224 secondary
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Towards_PoE_Wireless_Injector
 ip address Y.Y.Y.Y 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 crypto map VPN_MAP
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.21.80.1
!
!
no ip http server
ip http access-class 23
no ip http secure-server
ip nat inside source list 123 interface FastEthernet0/1 overload
!
ip access-list extended vpn
 permit ip 192.168.5.0 0.0.0.255 190.10.0.0 0.0.255.255

1 REPLY
New Member

Re: VPN Problem

Hi there, I am not so very much conversant with SonicWalls, but I think what you are missing is NAT exemption for that traffic flow. Try exempting it and see what happens. What's your show crypto engine giving you?

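The NAT exemption the reply asks about can be checked offline by comparing the crypto ACL with the ACL referenced by `ip nat inside source list`. This is an added example, not part of the original posts: ACL 123 is not shown in the thread, so both NAT ACL variants below are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed input. CRYPTO_ACL is the "vpn" ACL from the post; ACL 123 is not
# shown in the post, so both NAT ACL variants below are assumptions.
CRYPTO_ACL = ["permit ip 192.168.5.0 0.0.0.255 190.10.0.0 0.0.255.255"]
NAT_ACL_NO_EXEMPT = ["permit ip 192.168.5.0 0.0.0.255 any"]
NAT_ACL_EXEMPT = ["deny ip 192.168.5.0 0.0.0.255 190.10.0.0 0.0.255.255",
                  "permit ip 192.168.5.0 0.0.0.255 any"]

def _take_net(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    bits = int(ipaddress.IPv4Address(tokens.pop(0)))
    if bits & (bits + 1):  # wildcard bits must be contiguous low-order ones
        raise ValueError("non-contiguous wildcard not handled")
    return ipaddress.ip_network(f"{first}/{32 - bits.bit_length()}", strict=False)

def parse_ace(line):
    """Return (action, src_net, dst_net) for a 'permit|deny ip ...' entry."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    return action, _take_net(tokens), _take_net(tokens)

# IOS applies inside-to-outside NAT before the crypto map check, so a translated
# packet no longer matches the crypto ACL's source network.
def nat_verdict(crypto_acl, nat_acl):
    """Per crypto 'permit' flow: 'natted' if the NAT ACL would translate it."""
    results = []
    for line in crypto_acl:
        action, src, dst = parse_ace(line)
        if action != "permit":
            continue
        verdict = "exempt"  # no NAT ACL match means implicit deny: not translated
        for n_action, n_src, n_dst in map(parse_ace, nat_acl):
            if not (src.overlaps(n_src) and dst.overlaps(n_dst)):
                continue  # entry does not touch this flow
            if n_action == "permit":
                verdict = "natted"  # at least part of the flow is translated
                break
            if src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # deny covers the whole flow; a partial deny keeps scanning
        results.append((line, verdict))
    return results
```

A `natted` verdict for a crypto ACL entry means the NAT ACL needs a `deny` for that flow ahead of its `permit`.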