Firewall Wizards mailing list archives
Re: asa 5505 vpn ipsec l2l problem
From: Farrukh Haroon <farrukhharoon () gmail com>
Date: Fri, 2 Oct 2009 21:02:23 +0300
Run these three debugs debug crypto engine debug crypto isakmp 127 debug crypto ipsec 127 and then see if you get any more meaningful debugs. Regards Farrukh Haroon CCIE Security On Fri, Oct 2, 2009 at 3:09 PM, Hrvoje Popovski <hrvoje () srce hr> wrote:
hello eveyone, i have asa 5505 with Base license and 7.2.4 sofware. Licensed features for this platform: Maximum Physical Interfaces : 8 VLANs : 3, DMZ Restricted Inside Hosts : 10 Failover : Disabled VPN-DES : Enabled VPN-3DES-AES : Enabled VPN Peers : 10 WebVPN Peers : 2 Dual ISPs : Disabled VLAN Trunk Ports : 0 i'm trying to create l2l ipsec tunnel reading manual on http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/site2sit.html and when i'm applying acl in crypto map crypto map abcMap 1 match address acl i'm getting this log: Ignoring msg to mark SA with specified coordinates <abcMap, 1> dead i don't have any debug messages (debug crypto ipsec 100) google it but haven't found any answer. thank you for your answers! acl access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.13 eq 4000 access-list acl extended permit tcp host 192.168.11.11 host 10.1.110.250 eq 4000 access-list acl extended permit tcp host 192.168.11.11 eq ftp host 10.1.100.105 eq ftp access-list acl extended permit tcp host 192.168.11.11 host 10.1.100.105 eq ftp-data access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.13 eq 4000 access-list acl extended permit tcp host 192.168.11.12 host 10.1.110.250 eq 4000 access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp access-list acl extended permit tcp host 192.168.11.12 host 10.1.100.105 eq ftp-data _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- asa 5505 vpn ipsec l2l problem Hrvoje Popovski (Oct 02)
- Re: asa 5505 vpn ipsec l2l problem Christopher J. Wargaski (Oct 02)
- Re: asa 5505 vpn ipsec l2l problem Paul Melson (Oct 02)
- Re: asa 5505 vpn ipsec l2l problem Farrukh Haroon (Oct 02)
- Re: asa 5505 vpn ipsec l2l problem Eric Gearhart (Oct 02)
- Re: asa 5505 vpn ipsec l2l problem Hrvoje Popovski (Oct 04)
- Re: asa 5505 vpn ipsec l2l problem Eric Gearhart (Oct 08)
- Re: asa 5505 vpn ipsec l2l problem craig . wilson (Oct 08)
- Re: asa 5505 vpn ipsec l2l problem Farrukh Haroon (Oct 08)
- Re: asa 5505 vpn ipsec l2l problem Hrvoje Popovski (Oct 04)