
Problems with VPN to Juniper Redundant Firewall Active Active setup.

geraldjacksontx
Level 1

I am using 6500 with VPN Accelerator on this device.  I have a dozen other VPN connections GRE and IPSEC to routers and ASA and other Juniper Firewalls.

They all work perfectly.

The error I get is map_db_find_best did not find matching map (Never seen this error before)

IPSEC(crypto_ipsec_process_proposal); no IPSEC cryptomap exists for local address x.x.x.x (There is a CryptoMAP)

ISAKMP: phase 2 SA policy not acceptable

It has 2 peers:

sw1 ---Juniper1
        \ Juniper2

I can't put the whole config for security reasons.

Any help would be greatly appreciated.

5 Replies

Dear Cecil,

Could you please double-check and make sure you have the right IP address in the right crypto map?

Thanks.

It passes ISAKMP phase 1 and has 2 peer addresses.  Are 2 peer addresses the problem?

Is it the 2 peers that are the problem?

What do you mean by 2 peers? Both in the same crypto map or two different crypto maps?

Could you please elaborate a little bit more on the config details?

Thanks.

crypto isakmp key SOMEKEY address x.x.x.33 no-xauth
crypto isakmp key SOMEKEY address x.x.x.41 no-xauth

crypto isakmp policy 10
     encr 3des
     hash md5
     authentication pre-share
     group 2

crypto ipsec transform-set 3des-tunel esp-3des esp-md5-hmac

crypto map IPSecTunnel 90 ipsec-isakmp
     set peer x.x.x.33
     set peer x.x.x.41
     set transform-set 3des-tunnel
     set pfs group2
     match address SOMENAME

ip access ex SOMENAME
     10 permit tcp  host LocalhostIP  host RemotehostIP