09-05-2007 11:30 AM
Hi,
We don't know what to do now. We're stuck at MM_Key_Exch. What should we check? Thanks.
Regards,
John
09-05-2007 11:50 AM
Have you double-checked your preshared keys?
09-05-2007 12:49 PM
Thanks for the reply. Yes, we already checked it. We even configured our pre-shared key to a very simple one to avoid mistakes. Thanks.
Regards,
John
09-05-2007 12:54 PM
I'm also wondering right now because suddenly, ISAKMP session stopped. I tried to erase the crypto map that corresponds to that tunnel and re-apply it again. Now, I don't even see my PIX firewall initiating Phase 1 session. What should I check again? Should I see my PIX firewall doing Phase 1 even if he configured something on his end that prevents me from initiating it?
Regards,
John
09-05-2007 01:56 PM
Hi,
For anyone who can help me, here's my configuration.
Interesting traffic:
access-list test permit ip 10.252.4.0 255.255.255.0 10.254.0.0 255.255.0.0
ISAKMP Policy:
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash md5
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400
Crypto Maps:
crypto map outside 90 ipsec-isakmp
crypto map outside 90 match address test
crypto map outside 90 set pfs group2
crypto map outside 90 set peer x.x.x.x
crypto map outside 90 set transform-set testing
crypto ipsec transform-set testing esp-3des esp-md5-hmac
crypto map outside interface outside
Pre-shared key:
isakmp key secret address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
For translation:
global (outside) 12 10.252.4.250
nat (inside) 12 10.252.1.250 255.255.255.255 0 0
I can see the access-list test being hit but the PIX firewall doesn't initiate the connection. Please help.
Regards,
John
09-06-2007 02:38 AM
Hi
I see your NAT statements have 12. Have you got any others that could be NATting the 10.252.4.0/24 network?
Also check the isakmp policies on both routers.
Can you do a debug of isakmp?
11-01-2017 06:45 AM
Hi John,
Wondering if you got this fixed ...
Thanks
~EM