Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
318
Views
0
Helpful
1
Replies

VPN - Syslog 713041

drbabbers
Level 3
Level 3

‎10-23-2015 01:37 AM

All,

I'm having trouble setting up a site to site VPN between 2 ASA firewalls and from my side of the tunnel I get this over and over when I generate interesting traffic:

5

Oct 23 201509:23:18713041    IP = 10.10.10.1, IKE Initiator: New Phase 1, Intf Inside, IKE Peer 10.10.10.1 local Proxy Address 10.10.10.2, remote Proxy Address 192.168.130.0, Crypto map (outside_map)

 

I can ping the peer ip all OK and this is a fairly standard IKEv1 configuration.

Any ideas how I can proceed to troubleshoot?

Thanks

D

 

Labels:
0 Helpful
1 Reply 1

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎10-23-2015 02:39 AM

Hi,

Try running the packet-tracer command that will show you all the stages the packet is going through. This will give you enough information to see if you are hitting correct natting and routing rules.

Packet-tracer input inside(interface from which the interesting traffic is generated) icmp x.x.x.x( interesting traffic at your end ) 8 0 x.x.x.x(interesting traffic at remote end) detailed 

Here is a document for your reference:-
https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

 

Make sure the phase 1 and phase 2 are matching on both the ASAs.
 

Regards,
Dinesh Moudgil


P.S. Please rate helpful posts.

 

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful
Customers Also Viewed These Support Documents