Showing results for 
Search instead for 
Did you mean: 

Site to site vpn



i Have main srx firewall all sites are connected to it 

there is new site with Cisco Asa 5505 firewall

ive done srx side configuration, and basics configuration for cisco i tried to create the tunnel with ipsec 

with no luck can any body help me.

3 Replies 3

Richard Burts
VIP Community Legend VIP Community Legend
VIP Community Legend

You have not given us any detail to work with. Can you provide the crypto parameters that you are using? Even better - can you provide the config for the Cisco side?

Since you posted in a Cisco forum most of us will prefer to focus on troubleshooting from the Cisco side. As a start can you enable debug for ISAKMP, attempt to bring up the tunnel, and post all debug output?





Dear Richard,

my main problem am trying to migrate current pix to asa 5505 v9.0 please see below :

crypto ipsec transform-set strong esp-3des esp-sha-hmac

crypto ipsec transform-set mynet-aes esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 3600

crypto map mynet 50 ipsec-isakmp    x

crypto map mynet 50 match address vpn-amman     

crypto map mynet 50 set pfs group2

crypto map mynet 50 set peer

crypto map mynet 50 set transform-set strong

crypto map mynet 50 set security-association lifetime seconds 28800 kilobytes 4608000

crypto map mynet interface outside      

isakmp enable outside

isakmp key ******** address netmask no-xauth no-config-mode x

isakmp identity address

isakmp policy 5 authentication pre-share

isakmp policy 5 encryption 3des

isakmp policy 5 hash sha

isakmp policy 5 group 2

isakmp policy 5 lifetime 86400

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption aes-256

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 28800

am facing the problem with below commands

isakmp key ******** address netmask no-xauth no-config-mode

crypto map mynet 50 ipsec-isakmp

also I tried to enable below command:

 debug crypto condition error isakmp

the result

show crypto debug-condition
Crypto conditional debug is turned ON
IKE debug context unmatched flag:  OFF
IPSec debug context unmatched flag:  OFF
IKE debug context error flag:  ON
IPSec debug context error flag:  OFF