Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
348
Views
0
Helpful
2
Replies

VPN Connectivity to an offline server.

Go to solution
merryllem
Level 1
Level 1

‎09-15-2009 02:18 PM

Greetings All,

I am trying to bring standard site to site vpn connection between two sites. Site A and Site B.

Site A has a server (SeverOne)and site B WILL have a server (ServerTwo).

Now Im trying to bring up the VPN tunnel by pinging at this point a NON-EXISTENT server (ServerTwo) from the ServerOne.

SO the question is will this tunnel come up even though the server at site B is still not online? So far my tunnel is not passing phase 1.

Thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎09-15-2009 09:23 PM

SO the question is will this tunnel come up even though the server at site B is still not online?

Absolutely.. tunnel should still come up even though the host at other end does not respond.. you still should see phase 1/2 complete, and note in the output of (show crypto isakmp sa) in your firewall tunnel state as QM_IDLE and see peer tunnel address and your tunnel address.. you will only see encrypts but no decryps in the output of (show crypto ipsec sa) when sending pings to a system that is not online ... so if your tunnel makes it as far as phase1 something is wrong , either in your ike policy not matching or peer not responding..

Jorge Rodriguez

View solution in original post

0 Helpful
2 Replies 2

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎09-15-2009 09:23 PM

SO the question is will this tunnel come up even though the server at site B is still not online?

Absolutely.. tunnel should still come up even though the host at other end does not respond.. you still should see phase 1/2 complete, and note in the output of (show crypto isakmp sa) in your firewall tunnel state as QM_IDLE and see peer tunnel address and your tunnel address.. you will only see encrypts but no decryps in the output of (show crypto ipsec sa) when sending pings to a system that is not online ... so if your tunnel makes it as far as phase1 something is wrong , either in your ike policy not matching or peer not responding..

Jorge Rodriguez
0 Helpful

Go to solution
merryllem
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎08-24-2010 01:04 PM

I know it's been a year (almost) but thanks.. this was helpfull

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents