Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > troubleshoot the site-to-site vpn Problem

Reply
Thread Tools

troubleshoot the site-to-site vpn Problem

 
 
Benson
Guest
Posts: n/a
 
      04-27-2005
Hi,

i have set up a site-to-site VPN, but has problem which I can not
access the network access and network resources between sites.

1. When I use the command: show isakmp sa

dst sr state pending created
abc xyz QM_IDLE 0 0


2. when I use the command : show crypto engine

active = 0

( I think this command can be used when the link ( network sevice ) is
established between sites ).

So :
How can I know if the site-to-site VPN is working ( the IPsec tunnel
is formed ) ?

How can I know if the network resource is accessed by either of sites
?

Thank you
Benson
 
Reply With Quote
 
 
 
 
RobO
Guest
Posts: n/a
 
      04-27-2005
Hi Benson,

Are you able to ping any devices across the tunnel?
Try do an extended ping from one of the routers using your inside
interface as the source to the other side or ping from a PC on one side
to a PC on the other side.

After you have run the ping, check with "sh crypto ipsec sa" and see if
any packets are actually getting encrypted/decrypted -
encapsulated/decapsulated.

If you are getting a response from the pings it might be that your MTU
or TCP maximum segment size needs to be decreased.
Let me know.

Do you have route statements for both networks?

Rob

 
Reply With Quote
 
 
 
 
Benson
Guest
Posts: n/a
 
      04-28-2005
Hi, Rob,

Do you think from my observation, the IPsec tunnel is formed or not ?

I can not ping any resources in each site, what do you think about the
network status ?

Thank you
Benson



http://www.velocityreviews.com/forums/(E-Mail Removed) (Benson) wrote in message news:<(E-Mail Removed). com>...
> Hi,
>
> i have set up a site-to-site VPN, but has problem which I can not
> access the network access and network resources between sites.
>
> 1. When I use the command: show isakmp sa
>
> dst sr state pending created
> abc xyz QM_IDLE 0 0
>
>
> 2. when I use the command : show crypto engine
>
> active = 0
>
> ( I think this command can be used when the link ( network sevice ) is
> established between sites ).
>
> So :
> How can I know if the site-to-site VPN is working ( the IPsec tunnel
> is formed ) ?
>
> How can I know if the network resource is accessed by either of sites
> ?
>
> Thank you
> Benson

 
Reply With Quote
 
RobO
Guest
Posts: n/a
 
      04-28-2005
The tunnel looks to be established depending on how long the ISAKMP SA
stays in that state(QM_IDLE).
Have you got any routes to either side of the network?

Post your config if you can it will be easier to troubleshoot.

Rob

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN troubleshoot missing hop W/ Cisco 1801 Masterx81 Cisco 1 03-08-2007 10:43 AM
troubleshoot port forwarding problem Steve Richter Cisco 3 05-09-2005 08:26 PM
How to troubleshoot intermittent connections. =?Utf-8?B?Q2FybHlsZTMwMg==?= Wireless Networking 2 03-27-2005 11:59 PM
How do I troubleshoot this? John Wireless Networking 4 10-02-2004 10:14 AM
Can anyone help troubleshoot this Windows problem? Jeff J Computer Information 8 05-04-2004 02:51 PM



Advertisments