Re: Trouble the site-to-site VPN

Discussion in 'Cisco' started by Walter Roberson, May 4, 2005.

  1. In article <d50d0p$>,
    Benson Lei <> wrote:
    :Two PIX to form a site-to-site VPN;

    :the vpn network is established, but they can not see each other;

    UDP 500 (isakmp) is getting through, but something else isn't.

    You really haven't said much about your configuration or topology
    (not even the software versions or models), so I will have to
    make educated guesses.

    Based upon the messages that appear (and that don't), it appears
    to me that you do not have isakmp nat-traversal turned on,
    and that IP protocol 50 (ESP) is not getting through -- either
    ESP is blocked or you are trying to do ESP through a device
    that is doing Port Address Translation.

    If you push your logging level up to 6 (debugging) then what
    messages show up in the log?


    Here are some VPN debugging hints that might be of use to you
    a bit later:

    http://groups.google.ca/groups?selm=d03ueh$se3$

    http://groups.google.ca/groups?selm=cvdnbr$ktv$
    --
    History is a pile of debris -- Laurie Anderson
    Walter Roberson, May 4, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tical
    Replies:
    3
    Views:
    3,871
    tical
    May 27, 2004
  2. Rick Stromberg
    Replies:
    7
    Views:
    9,826
    luisjimher
    Jun 3, 2011
  3. Nathan Simpson

    Incoming VPN and site to site VPN problems

    Nathan Simpson, Aug 14, 2004, in forum: Cisco
    Replies:
    1
    Views:
    462
  4. JJ DD
    Replies:
    3
    Views:
    648
    Anthony Mahoney
    Aug 23, 2004
  5. pasatealinux
    Replies:
    1
    Views:
    1,995
    pasatealinux
    Dec 17, 2007
Loading...

Share This Page