Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
1
Replies

Site to Site VPN tunnel not coming up

pannick
Level 1
Level 1

‎07-30-2016 03:07 PM

We have a site to site VPN connection between two colleges. The remote college has a firewall in between our two ASAs. This week the remote college replaced their Checkpoint firewall with a Palo Alto. Since this happened we can not bring our tunnel back up. Of course Palo Alto tells the college that their config is fine and the issue lies in our hands.

When looking at the Palo Alto logs they do not show any of our ISAKMP or port 500 traffic getting to them. We can ping interfaces but as I said the tunnel will not come up.

Both ends of of the tunnel are in a  State   : MM_WAIT_MSG2

The only thing that has changed is the checkpoint being replaced with the Palo Alto. Cisco TAC was not able to figure this one out with us.

Any hints out their in the community?

Thanks

Labels:
0 Helpful
1 Reply 1

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-30-2016 06:06 PM

Hi Joel,

Could you share the debugs on the ASA ?

debug crypto isakmp/ikev1 200

Regards,

Aditya

Please rate helpful posts and mark correct answers.

0 Helpful
Customers Also Viewed These Support Documents