Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Vpn Tunnel Error between ASA-5510 and Nortel CES2700D

Hello,

actually the problem is the tunnel is showing up but the trafic is not going thru tunnel. and when I do "debug crypto isakmp " then its showing error " Information exchange proccesing error " . I am attaching ASA Configuration and error.

please look in to my matter.

Thanks ,

Nitin

3 REPLIES
Cisco Employee

Re: Vpn Tunnel Error between ASA-5510 and Nortel CES2700D

Hi Nitin,

Thanks for attaching the configuration -

Taking a look at the crypto ACL "outside_20_cryptomap", you have two statements.

From the symptoms you are saying, it maybe that your NAT exemption might not be configured properly.

Looking at the Nat exemption ACL "inside_nat0_outbound" it does seem like you do not have the proper entry.

Please make sure that your encryption ACL entries are the exact replica of your NAT exemption entries.

In your case, your NAT exemption entry should be

access-list inside_nat0_outbound extended permit ip host X.X.X.131 host 169.10.33.58

access-list inside_nat0_outbound extended permit icmp host X.X.X.131 host 169.10.33.58

Let me know. Otherwise we might have to get some extensive debugging to figure out the issue.

Rate this post, if it helps.

Thanks

Gilbert

New Member

Re: Vpn Tunnel Error between ASA-5510 and Nortel CES2700D

Hi Gilbert,

Thanks,your suggesion is very helpfull for me..and now the data is going thru.

Thaks alot,

Nitin

New Member

Re: Vpn Tunnel Error between ASA-5510 and Nortel CES2700D

edited..

259
Views
4
Helpful
3
Replies