Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1030
Views
10
Helpful
7
Replies

site-site vpn

Go to solution
M Mohammed
Level 1
Level 1

‎01-26-2018 07:53 AM - edited ‎03-12-2019 04:57 AM

trying to configure isakmp policy but cant see the option, please see below

 

 

fw/pri/act(config)# crypto isakmp ?

configure mode commands/options:
disconnect-notify Enable disconnect notification to peers
identity Set identity type (address, hostname or key-id)
nat-traversal Enable and configure nat-traversal
reload-wait Wait for voluntary termination of existing connections
before reboot

 

 

can't find the policy command

 

please advise

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M Mohammed
Level 1
Level 1
In response to Richard Burts

‎01-29-2018 02:08 AM

@Richard Burts, many thanks

 

crypto map was not enabled for outside interface, it is up now.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
GioGonza
Level 4
Level 4

‎01-26-2018 08:21 AM

Hello @M Mohammed

 

For newer versions the command is with IKE, something like this: 

 

crypto ikev1/ikev2 policy ..

 

Try this and let me know. 

 

HTH

Gio

0 Helpful

Go to solution
M Mohammed
Level 1
Level 1
In response to GioGonza

‎01-26-2018 08:25 AM

Many thanks G

 

i have already used the below config, but still the vpn is not coming up

and when i check sh crypto ipsec sa nothing is showing up

 

crypto ikev1 policy 201
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800

 

does it have to be the ikev1 on the other end or they can have ISAKMP POLICY on their end?

0 Helpful

Go to solution
GioGonza
Level 4
Level 4
In response to M Mohammed

‎01-26-2018 08:32 AM

Hello @M Mohammed

 

ISAKMP and IKEv1 are the same it doesn´t matter which one you have configured on your ASA and the other end, if the VPN tunnel doesn´t come up then turn on the debugs and let´s see what is happening: 

 

debug crypto ikev1 250

debug crypto ipsec 250

 

Share the outputs and let´s for from there. 

 

HTH

Gio

Go to solution
M Mohammed
Level 1
Level 1
In response to GioGonza

‎01-26-2018 12:10 PM - edited ‎01-26-2018 12:17 PM

HI @GioGonza,

there is no output after running those commands.

 

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to M Mohammed

‎01-26-2018 02:01 PM

If there is no output then it is likely that something in your config is not right. Can you post all the crypto parts of the config and perhaps we can help find the problem.

 

HTH

 

Rick

HTH

Rick

Go to solution
M Mohammed
Level 1
Level 1
In response to Richard Burts

‎01-29-2018 02:08 AM

@Richard Burts, many thanks

 

crypto map was not enabled for outside interface, it is up now.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to M Mohammed

‎01-29-2018 09:48 AM

Thank you for posting back to the forum and letting us know that you have fixed the problem. I am glad that our suggestions guided you toward identifying and fixing the problem.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents