Cisco Site to Site help if possible

Fredrick · 14-10-2008, 09:37

Hello i am having a problem with me VPN connect i can see the problem but no way to change this which is the most annoying this:

(remote and local address has been changed to save people fiddling, the 146.81.200.61 is the correct)

crypto isakmp policy 11
encr 3des
authentication pre-share group 2
lifetime 28800
crypto isakmp key ********* address 81.200.200.154
!
!
crypto ipsec transform-set TSLVPN esp-3des esp-sha-hmac
!
crypto map VPNMAP 11 ipsec-isakmp
set peer 81.200.200.154
set transform-set TSLVPN
set pfs group2
match address 101

this is all correctly on the interface and had this double checked which looks correct to everyone else

but obviously not connecting

when i do 'show crypto session'

Interface: FastEthernet0
Session status: DOWN
Peer: 81.200.200.154 port 500
IPSEC FLOW: permit ip 10.0.0.0/255.0.0.0 172.16.0.0/255.255.0.0
Active SAs: 0, origin: crypto map

Interface: FastEthernet0
Session status: DOWN-NEGOTIATING
Peer: 146.81.200.61 port 500
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive
IKE SA: local 217.200.200.234/500 remote 146.81.200.61/500 Inactive

on the IKE SA where is it getting that remote address from as its completely wrong the remote address should be the same as my set peer address 81.200.200.154

i have tried re-creating the all details on the router and still no joy....the 146 cannot be pinged so no idea where it is

also when doing a trace route from both site the 146 address is not mentioned in either on the results

really scratching my head on this one....even more as its my first solo VPN setup that i want to do with people checking and now i have hit this problem

if you can help could you please explain in detail possibly with some command examples...thankyouany help would be great cheers

i have asked this question on a couple of other sites looking for some help as i am getting stumped.....it will be connecting to a Juniper firewall so i cannot test from another cisco box and see my results

Fredrick · 14-10-2008, 14:18

worked it out

the 146 address was spamming my address for some unknown reason....

have to create and ACL to deny inbound traffic from that address then it all kicked in