09-15-2011 09:00 PM - edited 02-21-2020 05:35 PM
Hi Experts,
I have a PIX515E. I need to create a vpn to my clients office. PIX is alerady having two VPN, among two one is a dynamic VPN to a dynamic IP of netgear router.
I tried to create a new IPSEC vpn to a gateway loadbalancer.Device is PLANET MH2001. It is our client premises.
It has two gateway(public IP). Configuration in MH2001 is pretty simple. and i have completed it.
I have also completed configuration in PIX using ASDM. But the VPN is not up till now.
I have checked the logs in MH2001-->
"S2SVPN" #3701: max number of retransmissions (0) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message”
But in PIX side i didnt get log yet. I gave " sh isakmp sa" "sh ipsec sa" But it is not showing anything.... No IKE phase....
As i said MH2001 has two public IPs. and one LAN range. But i configured tunnel-group to only one public IP.
Still Nothing.. no isakmp phase for this VPN....
What should be reason??? Waiting for your suggestions.........
Thanks
Vipin
09-15-2011 09:17 PM
Hi Experts,
Please see the below configuration i Have done.
Did i configure anything wrong??? or do i need to add anything more???? Please suggest...........
A.A.A.A and B.B.B.b are the two public IPs of MH2001.
access-list outside_2_cryptomap extended permit ip
access-list inside_nat0_outbound extended permit ip
nat (inside) 0 access-list inside_nat0_outbound
route outside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set New_Trfm_Dyn_S2S esp-3des esp-sha-hmac
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer B.B.B.B
crypto map outside_map 2 set transform-set New_Trfm_Dyn_S2S
crypto map outside_map 3 match address outside_2_cryptomap
crypto map outside_map 3 set peer A.A.A.A
crypto map outside_map 3 set transform-set ESP-3DES-SHA
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 3600
tunnel-group B.B.B.B type ipsec-l2l
tunnel-group B.B.B.B ipsec-attributes
pre-shared-key *
tunnel-group A.A.A.A type ipsec-l2l
tunnel-group A.A.A.A ipsec-attributes
pre-shared-key *
Thanks
Vipin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide