Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
458
Views
0
Helpful
2
Replies

IPSec Site to Site VPN no ISAKMP

HarryES
Level 1
Level 1

‎09-08-2017 06:01 AM - edited ‎03-05-2019 09:06 AM

Hi,

 

I have a cisco 887 and a cisco 881 and I am trying to set up an IPSec tunnel between the two.

 

It doesnt look like I am getting any ISAKMP negotiations between the two.

 

The policies are the same on both sides and the crypto map ACL are mirroring eachother, but still no negotiation.

 

Can anybody assist?

Labels:
0 Helpful
2 Replies 2

GRANT3779
Spotlight
Spotlight

‎09-08-2017 06:09 AM

I think at minimum you are going to need some ACL entries on each end allowing the following -

 

permit esp host x.x.x.x host y.y.y.y
permit udp host x.x.x.x host y.y.y.y eq isakmp
permit udp host x.x.x.x host y.y.y.y eq non500-isakmp

 

Replacing with your own IP addresses. The ACL will be inbound on the Outside Interface.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-08-2017 07:17 AM

Crypto maps - do your devices support VTI tunnels?
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card