
outside_dyn_map

fredle123
Level 1

Hi,

I am having trouble with traffic through my s2s vpn. The connection is up, but traffic is not being routed.

The connection doesn't have the access-list entry I need. I think it is something to do with the tag outside_dyn_map when it should be outside_map.

My config:

access-list MTLON_MTLDR_S2S_VPN extended permit ip 10.39.216.0 255.255.254.0 10.40.216.0 255.255.254.0

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5 ESP-3DES-SHA ESP-3DES-MD5-TRANS ESP-3DES-SHA-TRANS
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA

crypto map outside_map 10 match address MTLON_MTLDR_S2S_VPN
crypto map outside_map 10 set peer 31.3.xx.xx
crypto map outside_map 10 set transform-set ESP-AES-256-SHA

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

tunnel-group 31.3.xx.xx type ipsec-l2l
tunnel-group 31.3.xx.xx general-attributes
tunnel-group 31.3.xx.xx ipsec-attributes
pre-shared-key *

show crypto ipsec sa:

Crypto map tag: outside_dyn_map, seq num: 20, local addr: 217.169.xx.xx

local ident (addr/mask/prot/port): (10.39.216.0/255.255.254.0/0/0)
remote ident (addr/mask/prot/port): (10.40.216.0/255.255.254.0/0/0)
current_peer: 31.3.xx.xx

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 6, #pkts decrypt: 6, #pkts verify: 6
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 217.169.xx.xx, remote crypto endpt.: 31.3.xx.xx

path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 1333F1DE

inbound esp sas:
spi: 0x3743A2B6 (927179446)
transform: esp-3des esp-md5-hmac none
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 77, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (kB/sec): (4274999/26204)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0x1333F1DE (322171358)
transform: esp-3des esp-md5-hmac none
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 77, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (kB/sec): (4275000/26204)
IV size: 8 bytes
replay detection support: Y
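
A check over the configuration and `show crypto ipsec sa` output quoted above, added here as an example and not part of the original post: it flags an SA whose peer has a static `set peer` entry but whose `Crypto map tag` names a different map, and packet counters that move in one direction only. The function names and finding labels are hypothetical, and the sample text is abridged from the post.

```python
import re

# Constructed sample, abridged from the configuration and output in the post.
CONFIG = """\
crypto map outside_map 10 match address MTLON_MTLDR_S2S_VPN
crypto map outside_map 10 set peer 31.3.xx.xx
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
"""
SA_OUTPUT = """\
Crypto map tag: outside_dyn_map, seq num: 20, local addr: 217.169.xx.xx
current_peer: 31.3.xx.xx
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 6, #pkts decrypt: 6, #pkts verify: 6
"""

def static_peers(config):
    """Map peer -> (map name, seq) for every static 'set peer' line."""
    pat = r"^crypto map (\S+) (\d+) set peer (\S+)"
    return {m.group(3): (m.group(1), int(m.group(2)))
            for m in re.finditer(pat, config, re.M)}

def parse_sas(output):
    """Return one dict per SA block in 'show crypto ipsec sa' output."""
    sas = []
    for block in re.split(r"(?=Crypto map tag:)", output):
        tag = re.search(r"Crypto map tag: (\S+), seq num: (\d+)", block)
        if not tag:
            continue  # text before the first SA block
        peer = re.search(r"current_peer: (\S+)", block)
        enc = re.search(r"#pkts encaps: (\d+)", block)
        dec = re.search(r"#pkts decaps: (\d+)", block)
        sas.append({"tag": tag.group(1), "seq": int(tag.group(2)),
                    "peer": peer.group(1) if peer else None,
                    "encaps": int(enc.group(1)) if enc else 0,
                    "decaps": int(dec.group(1)) if dec else 0})
    return sas

def findings(config, output):
    """Flag SAs bound to a map other than the peer's static entry, or one-way."""
    static, out = static_peers(config), []
    for sa in parse_sas(output):
        entry = static.get(sa["peer"])
        if entry and entry[0] != sa["tag"]:
            out.append((sa["peer"], "bound-to-other-map"))
        if sa["decaps"] > 0 and sa["encaps"] == 0:
            out.append((sa["peer"], "no-encaps"))
        elif sa["encaps"] > 0 and sa["decaps"] == 0:
            out.append((sa["peer"], "no-decaps"))
    return out
```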
