05-24-2024 05:55 AM
I get this error after setting up an IPsec connection with my router and pfSense firewall
ICU4-ROUTER-01#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
10.2.128.50 10.2.66.52 MM_NO_STATE 0 ACTIVE (deleted)
IPv6 Crypto ISAKMP SA
10.2.128.50 is the router WAN
10.2.66.52 is the WAN interface of the firewall
The idea is to connect a cloud environment with an office site network.
Shortly after, the connection gets deleted. How do I solve this problem?
To set up the configuration I used this guide: https://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-access-routers/71462-rtr-l2l-ipsec-split.html
05-24-2024 06:11 AM
- Review these bug reports: https://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&kw=MM_NO_STATE&bt=custV&sb=anfr
M.
05-24-2024 06:15 AM
Can you share the router config?
MHM
05-24-2024 07:16 AM
You need the complete show running-config?
05-24-2024 07:24 AM
Yes
And
Debug crypto isakmp
MHM
05-29-2024 03:33 AM
Sorry, I am still waiting.
Can you share the config to check it?
Thanks
MHM
05-29-2024 05:31 AM
I had NAT inside to outside. I turned it off now, since I want the other firewall to do NAT for me. But the problem is that the IPsec tunnel I have established doesn't send network traffic through the tunnel.
05-29-2024 05:37 AM
Thanks for more detail
Two issues I see
1- You need to exclude encrypted traffic from NAT
Check this link
2- There is HSRP; are you sure the traffic passes correctly through this router, i.e. is this router HSRP active?
Also, is the peer configured to deal with two endpoints, not one?
MHM
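An illustration of the NAT exemption mentioned in point 1 above, added here as an example and not taken from any participant's configuration or from the linked guide. The subnets, ACL names and interface name are constructed placeholders; the "before" and "after" NAT statements are alternatives, not meant to be applied together.

```cisco
! Constructed addressing (not from the thread):
!   192.168.10.0/24 = local LAN, 172.16.20.0/24 = remote LAN,
!   GigabitEthernet0/0 = WAN interface.

! Before: every LAN packet is translated. On egress IOS applies NAT
! before the crypto map check, so translated packets no longer match
! the crypto ACL and leave the router unencrypted.
ip access-list extended NAT-ALL
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-ALL interface GigabitEthernet0/0 overload

! After: deny the site-to-site flow first so it bypasses NAT,
! then translate everything else.
ip access-list extended NAT-EXEMPT
 deny   ip 192.168.10.0 0.0.0.255 172.16.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-EXEMPT interface GigabitEthernet0/0 overload

! The crypto ACL selects exactly the flow that was exempted above.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 172.16.20.0 0.0.0.255
```

After applying the exemption, `show crypto ipsec sa` should show the encaps/decaps counters increasing when hosts in the two subnets exchange traffic.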
05-29-2024 05:53 AM
I tried to share the config; for some reason I can't post it in the forum.
05-29-2024 05:56 AM
No need, I took a look at the config and I noticed the two points I listed above.
Check it
MHM