Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Tunnel issue

Hi,

My vpn tunnel is not comming up, nor it shows any thing in debug, I can ping my peer address, Please advice if I am doing anything wrong.

--------

on ASA

crypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac

crypto map test_120 match address internet_cryptomap_120

crypto map test_120set peer 20.5.9.12

crypto map test_120 set transform-set ESP-3DES-SHA

crypto map test_120 interface internet

crypto map test_120 set security-association lifetime seconds 3600

isakmp enable internet

!

isakmp policy 30 authentication pre-share

isakmp policy 30 encryption 3des

isakmp policy 30 hash sha

isakmp policy 30 group 2

isakmp policy 30 lifetime 86400

pre-shared-key *

tunnel-group 20.5.9.12 type ipsec-l2l

tunnel-group 20.5.9.12 ipsec-attributes

pre-shared-key *

access-list nat0_outbound extended permit ip host 10.10.12.14 host 192.168.1.1

access-list internet_cryptomap_120 extended permit tcp host 10.10.12.14 host 192.168.1.1 eq www

access-list internet_cryptomap_120 extended permit icmp host 10.10.12.14 host 192.168.1.1

nat (optfir) 0 access-list optfir_nat0_outbound

-----------------------------------------------------------------------------------------

on PIX

crypto map vpn 70 match address outside_70_cryptomap_1

crypto map vpn 70 set pfs

crypto map vpn 70 set peer 143.22.1.1

crypto map vpn 70 set transform-set ESP-3DES-SHA

crypto map vpn 70 set security-association lifetime seconds 3600

crypto isakmp enable outside

tunnel-group 143.22.1.1 type ipsec-l2l

tunnel-group 143.22.1.1 ipsec-attributes

pre-shared-key *

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

access-list outside_70_cryptomap_1 extended permit tcp 10.10.12.14 host 192.168.1.1

access-list inside_nat_outbound extended permit ip 10.10.12.14 host 192.168.1.1

global (outside) 3 192.168.1.1 netmask 255.255.255.0 <<<----here i am natting all internal to 192.168.1.1

nat (inside) 3 access-list inside_nat_outbound

214
Views
0
Helpful
0
Replies
CreatePlease to create content