nanog mailing list archives

Re: <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration>

From: Michael Ruiz <mruiz () lstfinancial com>
Date: Sat, 9 Jul 2011 13:36:56 +0000

Yes sir.

I called cisci tac and according to the asa team, the tunnel cannot be created because the juniper is not the session 
to be created due to some missmatches.
--------------------------
Sent using BlackBerry


----- Original Message -----
From: Chris Russell [mailto:chris () nifry com]
Sent: Friday, July 08, 2011 06:09 PM
To: Michael Ruiz
Cc: nanog () nanog org <nanog () nanog org>
Subject: Re: <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration>

Sending 5, 100-byte ICMP Echos to 10.1.4.81, timeout is 2 seconds:
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple:
Prot=1, saddr=10.20.1.2, sport=29733, daddr=10.1.4.81, dport=29733
IPSEC(crypto_map_check)-5: Checking crypto map CARIBOU-VPN-1 10:

skipping

incomplete map.  No peer, access-list or transform-set specified.
IPSEC(crypto_map_check)-1: Error: No crypto map matched.

From my understanding this is caused by the crypto map not being able to
establish a tunnel to the Juniper.

From that log, the Cisco is missing numerous configuration items:

No peer, access-list or transform-set specified.

Do you have the above specified in the crypto map within the ASA ?

Cheers

Chris

CONFIDENTIALITY NOTICE: This message is intended only for the individual or entity to which it is addressed and may
contain information that is confidential or exempt from disclosure under applicable law. If you are not the intended
recipient, you have received this communication in error. In such case, please notify us immediately by reply e-mail
and immediately delete this message and its attachments. Any use, dissemination, redistribution or reproduction of this
communication is strictly prohibited. Unless the message explicitly states otherwise, no e-mail correspondence claims
to be a contractual offer or acceptance. LST Financial has instructed its employees not to send libelous or
inappropriate statements and disclaims responsibility for such. Subject to applicable law, LST Financial may monitor,
review and retain e-communications traveling through its networks/systems. By messaging with LST Financial you consent
to the foregoing.
CONFIDENTIALITY NOTICE: This message is intended only for the individual or entity to which it is addressed and may
contain information that is confidential or exempt from disclosure under applicable law. If you are not the intended
recipient, you have received this communication in error. In such case, please notify us immediately by reply e-mail
and immediately delete this message and its attachments. Any use, dissemination, redistribution or reproduction of this
communication is strictly prohibited. Unless the message explicitly states otherwise, no e-mail correspondence claims
to be a contractual offer or acceptance. LST Financial has instructed its employees not to send libelous or
inappropriate statements and disclaims responsibility for such. Subject to applicable law, LST Financial may monitor,
review and retain e-communications traveling through its networks/systems. By messaging with LST Financial you consent
to the foregoing.

Current thread:

<Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration> Michael Ruiz (Jul 08)
- Re: <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration> Chris Russell (Jul 08)
  - Re: <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration> Michael Ruiz (Jul 09)