
VPN IPsec with PIX and SOHO Watchguard

flocato
Level 1

Please

I have problems.

I'm not having success with a site-to-site VPN.

Phase 1 is retransmitting in a loop and the VPN does not connect.

I need to know a better configuration:

https://support.watchguard.com/advancedfaqs/5.0SOHO-CiscoPix.pdf

It isn't good.

Debug:

crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1

VPN Peer: ISAKMP: Added new peer: ip:161.108.231.254 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:1 Total VPN Peers:1

OAK_MM exchange

ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy

ISAKMP: encryption DES-CBC

ISAKMP: hash SHA

ISAKMP: default group 1

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

return status is IKMP_NO_ERROR

crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1

ISAKMP (0): retransmitting phase 1...

crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1

ISAKMP (0): retransmitting phase 1...

crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1

ISADB: reaper checking SA 0x80c8c198, conn_id = 0

crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:2 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:1 Total VPN Peers:1

ISAKMP (0): deleting SA: src 161.108.231.254, dst 200.200.200.1

ISADB: reaper checking SA 0x80c8c198, conn_id = 0 DELETE IT!

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt decremented to:0 Total VPN Peers:1

VPN Peer: ISAKMP: Deleted peer: ip:161.108.231.254 Total VPN peers:0

crypto_isakmp_process_block: src 161.108.231.254, dest 200.200.200.1

VPN Peer: ISAKMP: Added new peer: ip:161.108.231.254 Total VPN Peers:1

VPN Peer: ISAKMP: Peer ip:161.108.231.254 Ref cnt incremented to:1 Total VPN Peers:1

OAK_MM exchange

ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy

ISAKMP: encryption DES-CBC

ISAKMP: hash SHA

ISAKMP: default group 1

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

return status is IKMP_NO_ERROR
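
Added example (not part of the original thread and not Cisco tooling): a small Python parser for debug output in the format posted above. It decodes the byte-wise `life duration (VPI)` value, counts Phase 1 retransmissions per main-mode attempt, and marks attempts where the proposal was accepted but the SA was deleted anyway. The `summarize` function, its field names and the sample lines are assumptions constructed for this example.

```python
import re

# Constructed sample in the format of the PIX debug output quoted above.
SAMPLE = """\
OAK_MM exchange
ISAKMP: encryption DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 1
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): retransmitting phase 1...
ISAKMP (0): retransmitting phase 1...
ISAKMP (0): deleting SA: src 161.108.231.254, dst 200.200.200.1
"""

FIELDS = {"encryption": "encryption", "hash": "hash", "default group": "dh_group",
          "auth": "auth", "life type in": "life_unit"}
ATTR = re.compile(r"^ISAKMP:\s+(%s)\s+(\S+)$" % "|".join(FIELDS))
LIFE = re.compile(r"life duration \(VPI\) of((?:\s+0x[0-9a-fA-F]{1,2})+)")
# Long-deprecated choices: single DES and the 768-bit MODP group 1.
WEAK = {("encryption", "DES-CBC"), ("dh_group", "1")}

def summarize(debug_text):
    """One dict per main-mode attempt; 'stalled_after_match' means the proposal
    was accepted, yet Phase 1 retransmitted and the SA was deleted."""
    attempts, cur = [], None
    for line in (l.strip() for l in debug_text.splitlines()):
        if line == "OAK_MM exchange":
            cur = {"proposal": {}, "accepted": False, "retransmits": 0, "deleted": False}
            attempts.append(cur)
        elif cur is None:
            continue
        elif (m := ATTR.match(line)):
            cur["proposal"][FIELDS[m.group(1)]] = m.group(2)
        elif (m := LIFE.search(line)):
            # The VPI value is printed byte by byte, most significant first.
            octets = bytes(int(b, 16) for b in m.group(1).split())
            cur["proposal"]["lifetime"] = int.from_bytes(octets, "big")
        elif "atts are acceptable" in line:
            cur["accepted"] = True
        elif "retransmitting phase 1" in line:
            cur["retransmits"] += 1
        elif "deleting SA" in line:
            cur["deleted"] = True
    for a in attempts:
        a["weak"] = sorted(k for k, v in a["proposal"].items() if (k, v) in WEAK)
        a["stalled_after_match"] = a["accepted"] and a["retransmits"] > 0 and a["deleted"]
    return attempts
```

On the sample, the lifetime decodes to 86400 seconds and the attempt is reported as stalled after a successful policy match, so the policy attributes themselves are not what is failing.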

2 Replies

yusuff
Cisco Employee

Below is the URL for Tech Tips, where you will find lots of sample configs (scroll down to the PIX section):

http://www.cisco.com/warp/customer/707/index.shtml#ipsec

HTH

R/Yusuf

The nat statements in the WatchGuard sample config are incorrect; the nat 0 command should reflect the traffic to be tunneled.