01-25-2008 12:03 PM - edited 02-21-2020 03:30 PM
I inherited an issue with a site-to-site vpn connection. It's looks like below w/nat being done on r1 for the pix. The vpn clients can connect but the site-to-site won't come up. To compound the issue R1 has two internet connections so policy routing is being used. Any assistance would be greatly appreciated.
Pix--R1--Internet--R2--checkpt
I've attached pix, router, and isakmp debug.
thanks.
Josh
01-25-2008 12:44 PM
I see that the isakmp gets stuck in the below state, which could be something to do with the PSK>
69.25.174.245 172.16.200.1 MM_KEY_EXCH
Can you make sure that the preshared key is matching on both the sides.
Regards,
Arul
** Please rate all helpful posts **
01-28-2008 07:11 AM
thanks Arul, the keys do match. The tunnel works when I take out the nat-traversal command, but when added back the far end still see me trying port 4500 to connect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide