IPSEC VPN between 506e and 501

Discussion in 'Cisco' started by Alex, Aug 15, 2008.

  1. Alex

    Alex Guest

    Hi all,

    Im having trouble with a site to site ipsec vpn connection.

    Yesterday I had to change over to a new internet connection, so I
    swapped out the router and changed to a new set of ip address at one
    side of the connection but now I cannot reestablish connection.

    it appears IKE is coming up, I think it is the router but ive disabled
    its firewall so not sure what else it could be. its a nortel BSR 252
    if that helps

    heres some of the syslog -

    08-15-2008 10:59:26 Local4.Debug 192.168.1.1 Aug 15 2008 11:00:01:
    %PIX-7-702204: ISAKMP Phase 1 retransmission (local pix's outside ip
    (initiator), remote remote pix's ip)

    08-15-2008 10:59:10 Local4.Debug 192.168.1.1 Aug 15 2008 10:59:44:
    %PIX-7-702208: ISAKMP Phase 1 exchange started (local pix's outside ip
    (initiator), remote remote pix's ip)

    08-15-2008 10:59:10 Local4.Debug 192.168.1.1 Aug 15 2008 10:59:44:
    %PIX-7-702303: sa_request, (key eng. msg.) src= pix's outside ip,
    dest= remote pix's ip, src_proxy= 192.168.1.0/255.255.255.0/0/0
    (type=4), dest_proxy= Welling/255.255.255.0/0/0 (type=4), protocol=
    ESP, transform= esp-3des esp-md5-hmac , lifedur= 28800s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004

    if you need anymore info please ask ?

    Thanks

    Alex
     
    Alex, Aug 15, 2008
    #1
    1. Advertisements

  2. Alex

    Alex Guest

    No worry, problem was a faulty router.
     
    Alex, Aug 15, 2008
    #2
    1. Advertisements

  3. Alex

    Josef Guest

    I have come cross same issue before and I rest the key from both side
    and it works, try it ..

    Also, make sure that the interesting traffic , access-list , are
    symmetric to each other.

    Regards,
     
    Josef, Aug 16, 2008
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.