01-22-2002 02:44 PM - edited 03-08-2019 09:38 PM
We have set up 2 x 827 ADSL routers with IPSEC to provide a VPN between 2 private networks. At present we can ping from hosts on one network to another, but not in the reverse direction.

We have also come across an even stranger debug message:

2d01h: ISAKMP (0:1): deleting SA reason "He's expired! He's lost his perch! He's an ex-parrot!" state (R) QM_IDLE

The IOS version for both routers is:

IOS (tm) C820 Software (C820-OSY656I-M), Version 12.1(3)XG1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) TAC:Home:SW:IOS:Specials for info.
We have excluded NAT translation for traffic between the private networks.
Any ideas ???
01-23-2002 03:17 AM
hehehe
Hi Matthew
Just a quick stab as I've not the time right now to look at this.....
Could be that the ACL allowing ESP, AHP and ISAKMP on one router is incorrect? i.e. the addresses are about face?
Ali
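The check suggested in the reply above can be automated. The following is an added example, not part of the thread: it parses an inbound ACL from each router and flags ESP, AHP or ISAKMP permits whose source and destination are reversed. The addresses (documentation ranges), the ACL number 120 and the function name are constructed assumptions, not the poster's configuration.

```python
import re

# Constructed sample data: documentation addresses, hypothetical ACL number 120.
ROUTER_A = {"local": "192.0.2.1", "peer": "198.51.100.1", "acl": """
access-list 120 permit esp host 198.51.100.1 host 192.0.2.1
access-list 120 permit ahp host 198.51.100.1 host 192.0.2.1
access-list 120 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
"""}
# Router B's ESP line was copied from router A without swapping the addresses.
ROUTER_B = {"local": "198.51.100.1", "peer": "192.0.2.1", "acl": """
access-list 120 permit esp host 198.51.100.1 host 192.0.2.1
access-list 120 permit ahp host 192.0.2.1 host 198.51.100.1
access-list 120 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
"""}

LINE = re.compile(
    r"access-list\s+\d+\s+permit\s+(esp|ahp|udp)"
    r"\s+host\s+(\S+)\s+host\s+(\S+)(?:\s+eq\s+(\S+))?"
)

def check_inbound_acl(router):
    """Return problems in an inbound ACL meant to admit IPsec from the peer."""
    problems, seen = [], set()
    for raw in router["acl"].strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        proto, src, dst, port = m.groups()
        # Only UDP entries for ISAKMP (port 500) are relevant here.
        if proto == "udp" and port not in ("isakmp", "500"):
            continue
        if (src, dst) == (router["peer"], router["local"]):
            seen.add(proto)  # correct direction: peer -> this router
        elif (src, dst) == (router["local"], router["peer"]):
            problems.append(f"{proto}: source and destination reversed")
    for proto in ("esp", "ahp", "udp"):
        reported = any(p.startswith(proto + ":") for p in problems)
        if proto not in seen and not reported:
            problems.append(f"{proto}: no permit from peer")
    return problems

if __name__ == "__main__":
    for name, router in (("A", ROUTER_A), ("B", ROUTER_B)):
        print(name, check_inbound_acl(router) or "ok")
```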
01-27-2002 08:04 PM
Exclude the outside address as well. Chances are that you are natting the outside address.