09-04-2002 06:23 AM - edited 02-21-2020 12:02 PM
Please
I have problems.
I'm not having success with a site-to-site VPN.
Phase 1 retransmits in a loop and the VPN does not connect.
I need to know a better configuration:
https://support.watchguard.com/advancedfaqs/5.0SOHO-CiscoPix.pdf
It isn't good.
Debug:
crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1
VPN Peer: ISAKMP: Added new peer: ip:161.108.231.254 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:1 Total VPN Peers:1
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1
ISAKMP (0): retransmitting phase 1...
crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1
ISAKMP (0): retransmitting phase 1...
crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1
ISADB: reaper checking SA 0x80c8c198, conn_id = 0
crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1
ISAKMP (0): deleting SA: src 161.108.231.254, dst 200.200.200.1
ISADB: reaper checking SA 0x80c8c198, conn_id = 0 DELETE IT!
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:0 Total VPN Peers:1
VPN Peer: ISAKMP: Deleted peer: ip:161.108.231.254 Total VPN peers:0
crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1
VPN Peer: ISAKMP: Added new peer: ip:161.108.231.254 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:1 Total VPN Peers:1
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
09-06-2002 01:02 AM
Below is the URL for Tech Tips, where you will find lots of sample configs (scroll down to the PIX section)
http://www.cisco.com/warp/customer/707/index.shtml#ipsec
HTH
R/Yusuf
09-06-2002 03:24 AM
The nat statements in the WatchGuard sample config are incorrect; the nat 0 command should reflect the traffic to be tunneled.
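A triage helper for the debug output in this thread, added here as an example (not posted by any participant and not Cisco code): it splits the log into main-mode attempts, decodes the offered lifetime, and flags attempts where the proposal was accepted but phase 1 was retransmitted until the SA was deleted. Treating each `OAK_MM exchange` line as the start of an attempt is an assumption drawn from this log, and the function names are hypothetical.

```python
import re

# Abridged from the "debug crypto isakmp" output posted in the question
# (reference-count and payload-processing lines omitted).
SAMPLE = """\
crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1
OAK_MM exchange
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): retransmitting phase 1...
ISAKMP (0): retransmitting phase 1...
ISAKMP (0): deleting SA: src 161.108.231.254, dst 200.200.200.1
"""

ATTR = re.compile(r"^ISAKMP:\s+(encryption|hash|default group|auth)\s+(\S+)")
LIFE = re.compile(r"^ISAKMP:\s+life duration \(VPI\) of ((?:0x[0-9a-fA-F]+\s*)+)")
DELETE = re.compile(r"deleting SA: src (\S+), dst (\S+)")

def analyze(log):
    """Split the debug text into main-mode attempts and summarize each one."""
    attempts, cur = [], None
    for line in map(str.strip, log.splitlines()):
        if line == "OAK_MM exchange":  # assumed marker for a new attempt
            cur = {"proposal": {}, "accepted": False,
                   "retransmits": 0, "deleted_peer": None}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first attempt carry no proposal data
        elif m := ATTR.match(line):
            cur["proposal"][m.group(1)] = m.group(2)
        elif m := LIFE.match(line):
            # Lifetime is printed as big-endian bytes: 0x0 0x1 0x51 0x80 = 86400 s
            octets = bytes(int(b, 16) for b in m.group(1).split())
            cur["proposal"]["lifetime_s"] = int.from_bytes(octets, "big")
        elif "atts are acceptable" in line:
            cur["accepted"] = True
        elif "retransmitting phase 1" in line:
            cur["retransmits"] += 1
        elif m := DELETE.search(line):
            cur["deleted_peer"] = m.group(1)
    return attempts

def stalled(attempt):
    # Transform set matched a local policy, yet the SA was retransmitted and deleted.
    return bool(attempt["accepted"] and attempt["retransmits"] and attempt["deleted_peer"])
```

An attempt that `stalled()` flags had its transform proposal accepted, so the failure lies later in the exchange than the encryption, hash, group and lifetime values.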