12-14-2005 07:47 AM - edited 02-21-2020 02:09 PM
Dear sir,
I am trying to configure an IP tunnel on a Cisco PIX 515. I got the configuration from our customer's IT, but I am not able to establish the connection.
Can somebody help?
Here is my configuration as per our client, and the debug test:
access-list inside_outbound_nat0_acl permit ip host 152.153.195.22 194.xxx.xxx.xxx 255.255.255.252
access-list outside_cryptomap_20 permit ip host 152.153.195.22 194.xxx.xxx.xxx 255.255.255.252
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 194.xxx.xxx.xxx
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 20 set security-association lifetime seconds 28800 kilobytes 7200
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 194.xxx.xxxx.xxx netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 7200
debug test
ISAKMP (0): beginning Main Mode exchange
ISAKMP (0): retransmitting phase 1 (0)...
IPSEC(key_engine): request timer fired: count = 1,
(identity) local= 212.xxx.xxx.xxx, remote= 194.xxx.xxx.xxx,
local_proxy= 152.153.195.22/255.255.255.255/0/0 (type=1),
remote_proxy= 194.xxx.xxx.xxx/255.255.255.252/0/0 (type=4)
ISAKMP (0): retransmitting phase 1 (1)...
ISAKMP (0): deleting SA: src 212.xxx.xxx.xxx, dst 194.xxx.xxx.xxx
ISADB: reaper checking SA 0xf9fc6c, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for 194.xxx.xxx.xxx/500 not found - peers:0
IPSEC(key_engine): request timer fired: count = 2,
(identity) local= 212.xxx.xxx.xxx, remote= 194.39.131.169,
local_proxy= 152.153.195.22/255.255.255.255/0/0 (type=1),
remote_proxy= 194.xxx.xxx.xxx/255.255.255.252/0/0 (type=4)
regards
yaseen
12-15-2005 02:43 PM
Assuming a LAN-LAN VPN tunnel is the aim, the ACLs are inaccurate.
access-list inside_outbound_nat0_acl permit ip
access-list outside_cryptomap_20 permit ip