I am unable to establish phase 1 when attempting a second crypto isakmp policy
My first one is good, I am getting through phase 1 and two and routing encrypted packets fine. I created a second one the same way i did the first one. I have verified the peer address, encrytion types, group types, as well as the crypto access-lists with the user.
I debugged crypto isakmp and i see MM_NO_STATE when i attempt to ping from a valid ip source.
when I show crypto isa sa, i see that the second session is trying to establish sa's and i see MM_NO_STATE under the status.
The only thing i did differently in the second policy than from the first is that i specified a network address to network address format in my crypto-map access list. I used a host address-to-host address in my first policy. I saw a cisco document that said that either method is fine as long as they are mirrored on both sides. Any insight into the problem would be greatly appreciated.
My first one is good, I am getting through phase 1 and two and routing encrypted packets fine. I created a second one the same way i did the first one. I have verified the peer address, encrytion types, group types, as well as the crypto access-lists with the user.
I debugged crypto isakmp and i see MM_NO_STATE when i attempt to ping from a valid ip source.
when I show crypto isa sa, i see that the second session is trying to establish sa's and i see MM_NO_STATE under the status.
The only thing i did differently in the second policy than from the first is that i specified a network address to network address format in my crypto-map access list. I used a host address-to-host address in my first policy. I saw a cisco document that said that either method is fine as long as they are mirrored on both sides. Any insight into the problem would be greatly appreciated.