10-06-2010 12:07 PM - edited 02-21-2020 04:53 PM
I have an L2L IPsec tunnel built between a 5520 and 5510. I am pretty sure I have configured everything I need to, but when I do a show cry ipsec sa there is nothing there. I am sure the firewalls in between are opened up to allow the connections as well. Also, every time I configured a part of the crypto map, like the command: crypto map outside_map 10 set peer 6.7.0.13, it would come back with this error:
[IKEv1]: Ignoring msg to mark SA with specified coordinates <outside_map, 10> dead.
Any ideas?
10-06-2010 02:17 PM
Hi,
Could you please paste the output of the following command "show run crypto" from both the ASAs? Also, what do you see when you give "show cry isa sa"?
Also, if your crypto ACLs for the tunnel have something like this: "access-list ACL extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp"
Change the ACL to ip, i.e. "access-list ACL extended permit ip host 192.168.11.11 host 10.1.100.105". Let me know if that helps.
Thanks,
Namit
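The ACL check suggested in the reply above can be run offline against a saved "show run" capture. This is an added example, not code from the thread or from Cisco: the sample config, the ACL name L2L_ACL and the function names are constructed, and it assumes ACEs that name the protocol literally (no object-groups).

```python
import re

# Constructed sample config (not from the thread); ACL names are placeholders,
# hosts and peer are modelled on the lines quoted in the posts above.
SAMPLE_CONFIG = """\
access-list L2L_ACL extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp
access-list L2L_ACL extended permit ip host 192.168.11.12 host 10.1.100.105
access-list INSIDE_IN extended permit tcp any any eq www
crypto map outside_map 10 match address L2L_ACL
crypto map outside_map 10 set peer 6.7.0.13
"""

MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")
ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) (.*)$")
PORT_OPS = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}  # tokens to skip

def strip_ports(rest):
    """Drop tcp/udp port operators and their arguments, keep the addresses."""
    out, toks, i = [], rest.split(), 0
    while i < len(toks):
        step = PORT_OPS.get(toks[i])
        if step:
            i += step
        else:
            out.append(toks[i])
            i += 1
    return " ".join(out)

def non_ip_crypto_aces(config):
    """Flag ACEs whose protocol is not 'ip' in ACLs referenced by a crypto map."""
    lines = [l.strip() for l in config.splitlines()]
    used = {}  # ACL name -> [(crypto map name, sequence number), ...]
    for line in lines:
        m = MATCH_RE.match(line)
        if m:
            used.setdefault(m.group(3), []).append((m.group(1), int(m.group(2))))
    findings = []
    for line in lines:
        m = ACE_RE.match(line)
        if not m or m.group(1) not in used or m.group(3) == "ip":
            continue
        acl, action, proto, rest = m.groups()
        # Only tcp/udp ACEs get a rewritten suggestion; others are just reported.
        suggest = (f"access-list {acl} extended {action} ip {strip_ports(rest)}"
                   if proto in ("tcp", "udp") else None)
        findings.append({"acl": acl, "maps": used[acl], "line": line, "suggest": suggest})
    return findings

if __name__ == "__main__":
    for f in non_ip_crypto_aces(SAMPLE_CONFIG):
        print(f"{f['acl']} {f['maps']}\n  found:   {f['line']}\n  suggest: {f['suggest']}")
```

Interface ACLs such as INSIDE_IN in the sample are ignored because no crypto map references them; the same ACE form is normal there.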