DYNAMIC IP with SITE TO SITE VPN - Page 2

wasiimcisco · ‎11-03-2009

i have ASA 8.0 with static ip address and remote site has a ADSL ROuter with dynamic IP address.

I am not able to make the Site to site vpn connection. I have tried dynamic map and standard site to site vpn

connection but nothing is working for me.

Please help me out. I am tottally stuck.I have attached the router and firewall configuration and below error I am getting.

Nov 3 18:08:34.606: IPSEC(key_engine): request timer fired: count = 1,

(identity) local= 83.110.195.120, remote= x.x.x.x,

local_proxy= 172.17.245.210/255.255.255.255/0/0 (type=1),

remote_proxy= 192.168.0.0/255.255.0.0/0/0 (type=4)

Nov 3 18:08:34.606: IPSEC(sa_request): ,

(key eng. msg.) OUTBOUND local= 83.110.195.120, remote= x.x.x.x,

local_proxy= 172.17.245.210/255.255.255.255/0/0 (type=1),

remote_proxy= 192.168.0.0/255.255.0.0/0/0 (type=4),

protocol= ESP, transform= esp-3des esp-md5-hmac (Tunnel),

lifedur= 3600s and 4608000kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0

RISTAR-JXB#

Nov 3 18:08:34.810: IPSEC(key_engine): got a queue event with 1 KMI message(s)

slmansfield · ‎11-05-2009

I tried recreating the problem in my lab. Instead of using the Cisco example I pieced together the information you've provided. Attached are the configurations.

I did not get your ping to work, but the ping I ran did bring up the VPN tunnel. I was successful pinging from a device behind the router, with an address of 172.17.245.210, which is within the encryption domain, to 192.168.0.2, a fictitious address on an inside subnet connected to the ASA, also within the encryption domain.

Please review these configurations to see if there is anything that is significantly different from what you are using.

HTH