Thread: Site-to-Site VPN with Cisco PIX
View Single Post
  #1 (permalink)  
Old 2006-03-24
tekkitan tekkitan is offline
Junior Member
  
Join Date: 2006-03-24
Posts: 1
Rep Power: 0
tekkitan has an average reputation (10+)
Default Site-to-Site VPN with Cisco PIX
We have a customer with an edge box in Europe, that is doing a Site-to-Site VPN to a Cisco PIX here in the states. All of our setting are identicle, except for the VPN domains. They are doing per host VPN, and we are stuck with network. Since the edge only has capability (to our knowledge) to do up to three hosts/networks, this is causing problems we think.

We are seeing the following errors:

Quote:
00029 24Mar2006 15:36:49 Failed to establish VPN Tunnel with ***.***.***.***: no response from peer.
00028 24Mar2006 15:36:13 Failed to establish VPN Tunnel with ***.***.***.***: no proposal chosen
00027 24Mar2006 15:36:13 IKE Phase1: Completed successfully with VPN peer ***.***.***.*** [Security: 3DES/MD5 Expire Time: 23 hour(s), 59 minute(s), 59 second(s) NAT-T: turned off]
00024 24Mar2006 15:34:12 Closed VPN Tunnel with ***.***.***.***
00023 24Mar2006 15:34:12 Failed to establish VPN Tunnel with ***.***.***.***: no proposal chosen
00022 24Mar2006 15:32:50 Failed to establish VPN Tunnel with ***.***.***.***: no response from peer.
00021 24Mar2006 15:32:15 IKE Phase2: Completed successfully with VPN peer ***.***.***.*** [My Ranges: 192.168.10.0-192.168.10.255 Peer Ranges: 172.16.3.97-172.16.3.97 Security: 3DES/SHA1 Expire time: 1 hour(s), 0 second(s) NAT-T: turned off]
00020 24Mar2006 15:32:15 Failed to establish VPN Tunnel with ***.***.***.***: no proposal chosen
00019 24Mar2006 15:32:14 IKE Phase1: Completed successfully with VPN peer ***.***.***.*** [Security: 3DES/MD5 Expire Time: 23 hour(s), 59 minute(s), 59 second(s) NAT-T: turned off]
00018 24Mar2006 15:32:14 ESP ***.***.***.*** [Decryption error] ***.***.***.*** (Safe@Office)
00017 24Mar2006 15:32:14 TCP 192.168.10.254 (DOM-SITE) [TCP out of state] 2046 172.16.3.97 1352 (Lotus Notes)
00016 24Mar2006 15:32:12 Closed VPN Tunnel with ***.***.***.***
00015 24Mar2006 15:32:12 Failed to establish VPN Tunnel with ***.***.***.***: no proposal chosen
00014 24Mar2006 15:30:52 IKE Phase2: Completed successfully with VPN peer ***.***.***.*** [My Ranges: 192.168.10.0-192.168.10.255 Peer Ranges: 172.16.3.97-172.16.3.97 Security: 3DES/SHA1 Expire time: 1 hour(s), 0 second(s) NAT-T: turned off]
00013 24Mar2006 15:30:49 Failed to establish VPN Tunnel with ***.***.***.***: no response from peer.
00012 24Mar2006 15:30:14 Failed to establish VPN Tunnel with ***.***.***.***: no proposal chosen
00011 24Mar2006 15:30:13 IKE Phase1: Completed successfully with VPN peer ***.***.***.*** [Security: 3DES/MD5 Expire Time: 23 hour(s), 59 minute(s), 59 second(s) NAT-T: turned off]
Anyone have any ideas for us? Do you think it's the host based VPN that the Cisco PIX is doing?
Reply With Quote