Session Type: IKE, Duration: 0h:00m:06s, Bytes xmt: 1138, Bytes rcv: 0, Reason: Unknown Current burst rate is 10 per second, max configured rate is 10 Current average rate is 5 per second, max configured rate is 5 Cumulative total count is 3194 Session Type: IKE, Duration: 0h:06m:43s, Bytes xmt: 2194552, Bytes rcv: 2497331, Reason: Phase 2 Mismatch The VPN has come up and Traffic is flowing nicely, however it seems very unstable, it disconnects sometime after a few minutes and i get errors like The device at our remote office 10.0.1.0 is a Vigor 2600 i have configures this to device witht he necessary routes though the vpn but if i dont specify the remote network as 10.0.0.0 255.255.255.0 the SA do not negatiate, i tried setting 0.0.0.0 0.0.0.0, no luck.Īnd the Vigor router config is set remote network to 0.0.0.0 0.0.0.0 Group = 84.45.153.53, IP = 84.45.153.53, All IPSec SA proposals found unacceptable!Ĭan you have more than 1 crypto map per vpn tunnel? Our private network connected to a private organisation has other sites with non 10.x.x.x ranges that we need to connect to, so i wil need to change my crypto maps.Īccess-list outside_1_cryptomap extended permit ip any 10.0.1.0 255.255.255.0 ![]() This config works but it not correct in my opinion I have had this working by configuring the Cryptomap to protect 10.0.0.0 255.0.0.0 traffic as i can only specify 1 crypto mapĪccess-list outside_1_cryptomap extended permit ip 10.0.0.0 255.0.0.0 10.0.1.0 255.255.255.0Īccess-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.0.1.0 255.255.255.0Ĭrypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmacĬrypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmacĬrypto ipsec security-association lifetime seconds 28800Ĭrypto ipsec security-association lifetime kilobytes 4608000Ĭrypto map outside_map 1 match address outside_1_cryptomapĬrypto map outside_map 1 set peer 84.45.153.53Ĭrypto map outside_map 1 set transform-set ESP-DES-SHAĬrypto map outside_map 1 set security-association lifetime seconds 28800Ĭrypto map outside_map 1 set security-association lifetime kilobytes 4608000 I need remote office 10.0.1.0 to be able to comminicate with the all Vlans and private organisations network 10.157.x.x I have already configured this and have it working but i am only able to communicate fromġ0.0.1.0 255.255.255.0 to 10.0.0.0 255.255.255.0 What i want to be able to do is connect our remote office 10.0.1.0 255.255.255.0 to our Cisco pix 515e Using Site to Site vpn. Internally from vlan1 i cann connect everywhere no problem We have a Cisco Pix 505 located on Vlan 3 which is connect to a Cisco router which provides us with access to a Private organisations network, there IP's are 10.157.x.x 10.158.x.x We have a Cisco Pix 515e as our internet Firewall/VPN end point located on VLAN1 with address 10.0.0.5. We have a Cisco 3750 configured with 3 Vlans. ![]() I having some trouble configuring a VPN tunnel to a remote office and allowing the remote office to connect through the VPN to some remote networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |