Site to site vpn

malbalhaj
Beginner

Dears

I have a main SRX firewall; all sites are connected to it.

There is a new site with a Cisco ASA 5505 firewall.

I've done the SRX side configuration and the basic configuration for the Cisco. I tried to create the tunnel with IPsec, with no luck. Can anybody help me?

Richard Burts
VIP Community Legend

You have not given us any detail to work with. Can you provide the crypto parameters that you are using? Even better - can you provide the config for the Cisco side?

Since you posted in a Cisco forum most of us will prefer to focus on troubleshooting from the Cisco side. As a start can you enable debug for ISAKMP, attempt to bring up the tunnel, and post all debug output?

HTH

Rick

Dear Richard,

My main problem: I am trying to migrate the current PIX to an ASA 5505 v9.0. Please see below:

crypto ipsec transform-set strong esp-3des esp-sha-hmac

crypto ipsec transform-set mynet-aes esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 3600

crypto map mynet 50 ipsec-isakmp    x

crypto map mynet 50 match address vpn-amman     

crypto map mynet 50 set pfs group2

crypto map mynet 50 set peer 212.118.13.230

crypto map mynet 50 set transform-set strong

crypto map mynet 50 set security-association lifetime seconds 28800 kilobytes 4608000

crypto map mynet interface outside      

isakmp enable outside

isakmp key ******** address 11.11.11.11 netmask 255.255.255.255 no-xauth no-config-mode x

isakmp identity address

isakmp policy 5 authentication pre-share

isakmp policy 5 encryption 3des

isakmp policy 5 hash sha

isakmp policy 5 group 2

isakmp policy 5 lifetime 86400

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption aes-256

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 28800

I am facing the problem with the commands below:

isakmp key ******** address 11.11.11.11 netmask 255.255.255.255 no-xauth no-config-mode

crypto map mynet 50 ipsec-isakmp

Also, I tried to enable the command below:

 debug crypto condition error isakmp

The result:

show crypto debug-condition
Crypto conditional debug is turned ON
IKE debug context unmatched flag:  OFF
IPSec debug context unmatched flag:  OFF
IKE debug context error flag:  ON
IPSec debug context error flag:  OFF