PIX-to-PIX VPN

edwong · ‎02-02-2002

Dear all,

I tried to make a VPn tunnel with our remote office using pix to pix, seems that phase 1 has passed but some problem with phase 2. Belows are the debug output, does anybody have any idea?

PIX(config)#

VPN Peer: ISAKMP: Added new peer: ip:remote_public_ip Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt incremented to:1 Total VPN Peers:

1

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block: src remote_public_ip, dest xxx.xxx.xxx.xxx

return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer fired: cou

nt = 1,

(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst remote_public_ip

ISADB: reaper checking SA 0x80d75f50, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt decremented to:0 Total VPN Peers:

1

VPN Peer: ISAKMP: Deleted peer: ip:remote_public_ip Total VPN peers:0IPSEC(key_engin

e): request timer fired: count = 2,

(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

VPN Peer: ISAKMP: Added new peer: ip:remote_public_ip Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt incremented to:1 Total VPN Peers:

1

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block: src remote_public_ip, dest xxx.xxx.xxx.xxx

return status is IKMP_NO_ERR_NO_TRANSIPSEC(key_engine): request timer fired: cou

nt = 1,

(identity) local= xxx.xxx.xxx.xxx, remote= remote_public_ip,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

ISAKMP (0): deleting SA: src xxx.xxx.xxx.xxx, dst remote_public_ip

ISADB: reaper checking SA 0x80d75f50, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:remote_public_ip Ref cnt decremented to:0 Total VPN Peers:

1

VPN Peer: ISAKMP: Deleted peer: ip:remote_public_ip Total VPN peers:0IPSEC(key_engin

e): request timer fired: count = 2,

(identity) local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,

local_proxy= 192.168.47.0/255.255.255.0/0/0 (type=4),

remote_proxy= 192.168.17.0/255.255.255.0/0/0 (type=4)

Thanks.

Edwong

edwong · ‎02-02-2002

Further more, i see there are a lot of send error in the debug...

local ident (addr/mask/prot/port): (192.168.47.0/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (192.168.17.0/255.255.255.0/0/0)

current_peer: xxx.xxx.xxx

PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 478, #recv errors 0

local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: xxx.xxx.xxx.xxx

path mtu 1500, ipsec overhead 0, media mtu 1500

current outbound spi: 0

Thanks.

cbc673 · ‎02-08-2002

This is usually do to ACL's not being configured correctly. Please post your ACL's and your cry maps.