Hello All,

I have been working for two days trying to get an ASA to set up 
a VPN tunnel to an SSG-550.  I have the VPN tunnel set up and ready to go on the 
ASA.  I ran a debug crypto ipsec 200 and crypto ikev1 200.  I run the command 
ping PRIVATE <ip address> and I get this in the console:


Sending 5, 100-byte ICMP Echos to 10.1.4.81, timeout is 2 seconds:
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=1, 
saddr=10.20.1.2, sport=29733, daddr=10.1.4.81, dport=29733
IPSEC(crypto_map_check)-5: Checking crypto map CARIBOU-VPN-1 10: skipping 
incomplete map.  No peer, access-list or transform-set specified.
IPSEC(crypto_map_check)-1: Error: No crypto map matched.

From my understanding this is caused by the crypto map not being able to 
establish a tunnel to the Juniper.

On my Juniper configuration I have built the Gateway and set the Phase 1 
Proposal to "pre-g2-3des-md5" followed by "pre-g2-3des-sha"

For the VPN configuration I use the predefined gateway configuration.

Under the advanced button, I use the predefined of "compatible" and the Phase 2 
Proposal "nopfs-esp-3des" followed by "nopfs-esp-3des"
The proxy ID is the local IP / network block, and the remote IP network block is 
the destination IP block.  The only part that has me wondering is that the 
Juniper has multiple zones, i.e. a DMZ, Trust, and Untrust.  Each zone has its 
own IP block that is assigned to it.  I have entered a policy into one of the 
zones, i.e. Untrust to Trust, with the input source block and destination block, specified 
that it is a tunnel, and set it for bi-directional entry, and that should be it.

Any help in this as always will be greatly appreciated.  Thank you.



Thank You,

MAR
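
The debug output in the message reports that entry 10 of CARIBOU-VPN-1 was skipped as incomplete ("No peer, access-list or transform-set specified"). As an added example that is not part of the original message, this Python script audits an ASA configuration for crypto map entries missing any of those three elements, or referencing an ACL or transform set that is not defined. The sample configuration, the ACL and transform-set names, and the peer addresses are constructed, and IKEv1 command syntax is assumed.

```python
import re

# Constructed sample config (not from the original post): entry 10 has only a
# peer, entry 20 is complete. Peer addresses are documentation ranges.
SAMPLE_CONFIG = """\
access-list VPN-ACL extended permit ip 10.20.1.0 255.255.255.0 10.1.4.0 255.255.255.0
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map CARIBOU-VPN-1 10 set peer 203.0.113.10
crypto map CARIBOU-VPN-1 20 match address VPN-ACL
crypto map CARIBOU-VPN-1 20 set peer 203.0.113.20
crypto map CARIBOU-VPN-1 20 set ikev1 transform-set ESP-3DES-SHA
crypto map CARIBOU-VPN-1 interface outside
"""

# The three elements the debug message names for a usable crypto map entry.
REQUIRED = ("peer", "access-list", "transform-set")
ENTRY = re.compile(
    r"^crypto map (\S+) (\d+) (match address|set peer|set (?:ikev1 )?transform-set) (.+)$")

def audit_crypto_maps(config):
    """Return {(map_name, seq): [problems]} for entries that are incomplete."""
    defined = {
        "access-list": set(re.findall(r"^access-list (\S+) ", config, re.M)),
        "transform-set": set(re.findall(
            r"^crypto ipsec (?:ikev1 )?transform-set (\S+) ", config, re.M)),
    }
    present, problems = {}, {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a per-sequence crypto map line (e.g. "interface outside")
        key, verb = (m.group(1), int(m.group(2))), m.group(3)
        kind = ("access-list" if "address" in verb
                else "peer" if "peer" in verb else "transform-set")
        present.setdefault(key, set()).add(kind)
        # Names referenced by the entry must exist elsewhere in the config.
        for ref in (m.group(4).split() if kind in defined else []):
            if ref not in defined[kind]:
                problems.setdefault(key, []).append(f"{kind} {ref} is not defined")
    for key, kinds in present.items():
        for kind in REQUIRED:
            if kind not in kinds:
                problems.setdefault(key, []).append(f"no {kind}")
    return problems

if __name__ == "__main__":
    for (name, seq), issues in sorted(audit_crypto_maps(SAMPLE_CONFIG).items()):
        print(f"crypto map {name} {seq}: " + ", ".join(issues))
```
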
