Cannot establish VPN

Status
Not open for further replies.

OwenSul

Technical User
Nov 11, 2008
2
IE
I am attempting to establish a VPN between my local and remote site. Local site uses a Cisco PIX 501. Have configured the VPN and run ping commands. VPN Statistics/IPSec VPNs monitoring screen in Cisco PIX for local site shows 0 for Encap Pk between 10.1.101.100 and remote site. Shows 131 for Decap Pk. My question is what error am I making that causes Encap Pk to remain at 0?

Relevant lines from my configuration shown below.

Any useful help much appreciated.

Building configuration...
: Saved
:
PIX Version 6.3(4)
name 10.215.3.120 remoteside_vpn_out
name xxx.xx.xx.xx remoteside_vpn_in
access-list inside_outbound_nat0_acl permit ip host remoteside_vpn_in remoteside_vpn_out 255.255.255.248
access-list inside_outbound_nat0_acl permit ip host 10.1.101.100 host yyy.yy.yy.yyy
access-list outside_cryptomap_20 permit ip host remoteside_vpn_in remoteside_vpn_out 255.255.255.248
access-list 500 permit ip host 10.1.101.100 host xxx.xx.xx.xxx
pdm location remoteside_vpn_in 255.255.255.255 outside
pdm location remoteside_vpn_in 255.255.255.255 inside
pdm location remoteside_vpn_out 255.255.255.248 outside
nat (inside) 0 access-list inside_outbound_nat0_acl
route inside remoteside_vpn_in 255.255.255.255 zzz.zzz.zzz.zz 1
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address 500
crypto map outside_map 20 set peer zzz.zzz.zzz.zz
crypto map outside_map 20 set transform-set ESP-3DES-SHA
isakmp enable outside
isakmp key ******** address remoteside_vpn_in netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address zzz.zzz.zzz.zz netmask 255.255.255.255 no-xauth no-config-mode
isakmp peer ip xxx.xx.xx.xx no-xauth no-config-mode
 
This ACL doesn't exist in what you posted
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

Can you post both configs? (take out passwords and mask the middle two octets of the public IP.)


Brent
Systems Engineer / Consultant
CCNP, CCSP
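
Added example (not part of the thread and not a Cisco tool): a short Python check for what Brent points out above, a `match address` that names an access list the posted config never defines. The function name `audit_acl_references` and the set of commands it scans are assumptions made for this illustration; the sample lines are copied from the config posted in the question.

```python
import re

# Constructed sample: a subset of the config lines posted in this thread.
SAMPLE_CONFIG = """\
access-list inside_outbound_nat0_acl permit ip host remoteside_vpn_in remoteside_vpn_out 255.255.255.248
access-list outside_cryptomap_20 permit ip host remoteside_vpn_in remoteside_vpn_out 255.255.255.248
access-list 500 permit ip host 10.1.101.100 host xxx.xx.xx.xxx
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address 500
"""

# Commands that point at an ACL by name; group 1 captures the ACL name.
REFERENCE_PATTERNS = [
    re.compile(r"^crypto (?:dynamic-)?map \S+ \d+ match address (\S+)"),
    re.compile(r"^nat \(\S+\) \d+ access-list (\S+)"),
    re.compile(r"^access-group (\S+) in interface \S+"),
]
DEFINITION = re.compile(r"^access-list (\S+) (?:permit|deny)\b")


def audit_acl_references(config_text):
    """Return (undefined, unreferenced) for a PIX-style config.

    undefined:    {acl_name: [lines that reference it]} for ACLs never defined
    unreferenced: sorted ACL names that are defined but not used by any
                  scanned command (may simply be elided in a partial paste)
    """
    defined, referenced = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        match = DEFINITION.match(line)
        if match:
            defined.add(match.group(1))
            continue
        for pattern in REFERENCE_PATTERNS:
            match = pattern.match(line)
            if match:
                referenced.setdefault(match.group(1), []).append(line)
    undefined = {n: l for n, l in referenced.items() if n not in defined}
    return undefined, sorted(defined - set(referenced))


if __name__ == "__main__":
    undefined, unreferenced = audit_acl_references(SAMPLE_CONFIG)
    for name, lines in undefined.items():
        print(f"UNDEFINED ACL {name!r} used by: {lines[0]}")
    for name in unreferenced:
        print(f"ACL {name!r} is defined but not referenced in the lines shown")
```

On the posted lines it also shows that `outside_cryptomap_20` is defined while crypto map entry 20 matches access list `500` instead, which is worth confirming against the full config.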
 
Thanks Brent, that was enough of a clue to solve the issue.
 