I've seen VPN problems between PIXs, Cisco routers and VPN-1s. Sometimes everything seems to be right but it doesn't work. Remove "crypto map" and add them back may help. At least, it helped me twice.
HTH. Yoshi -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 01, 2002 2:40 PM To: [EMAIL PROTECTED] Subject: RE: VPN not connecting [7:50144] I've been working on trying to eliminate the variables on each side of the VPN.... The unfortunate thing is, the other side is home, so I usually wait until the late evening/night to work on the remote side.... That's also the reason for the "frustrating" comment earlier. I know I could SSH into it, but, this isn't the only project I've been working on (as I'm sure a lot of you can relate)... So I'm going to hopefully wrap it up by this weekend. One of the main issues I was running into was the remote network was subnetted from the main network so the ACLs got a little confusing. So I've changed the IP scheme on the remote side... This also brings me to another question; a rather newbie one, what other ports should be open(beside 500)? I received an email from someone saying 50 & 51, does that sound right? If you have the, "allow any out and return in", settings for firewall rules... Do the ports still need to be opened (I would think not since there is the nat0 command?)? The other issue I'm looking into is the MTU size.... Once I establish the tunnel and maintain connectivity I'll let y'all know what I find.... Thanx for the help, mkj -----Original Message----- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 2:54 PM To: [EMAIL PROTECTED] Subject: RE: VPN not connecting [7:50144] Lidiya White wrote: > > Capture debugs on both ends at the same time. Should be more > helpful. > Make sure both ends have "isakmp identify address"... > > -- Lidiya White Sounds like a good idea. So Mike, what was the problem? It sure would help those of learning IPSec to hear how you resolved the issue. Thanks. Priscilla > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, July 30, 2002 4:05 PM > To: [EMAIL PROTECTED] > Subject: RE: VPN not connecting [7:50144] > > The ACLs are mirrors of each other and the transform sets > match.... > Very > frustrating.... > > -----Original Message----- > From: Silju Pillai [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 30, 2002 2:29 PM > To: [EMAIL PROTECTED] > Subject: RE: VPN not connecting [7:50144] > > > Hi, > > Pls check the interesting traffic configured > (access list) configured at both ends. Your transform set > parameters > too. It > should be same. > > As you are receiving IKMP_no_error your isakmp policies are > working > fine. > > regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50499&t=50144 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
