Access the answers to your technology questions today.
Subscribe Now
30-day free trial. Register in 60 seconds.
What Makes Experts Exchange Unique?
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
Subscribe Now
30-day free trial. Register in 60 seconds.
Join the Community
Give a Little. Get a Lot.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Join the Community
by: batry_boyPosted on 2007-03-31 at 05:33:39ID: 18828432
From the CLI, try removing (use the "no" form of the command):
crypto map outside_map 20 set pfs
from both sides and adding
crypto isakmp nat-traversal
to both sides.
Then, try a ping again and make sure the tunnel is coming up to begin with. Issue the command:
show crypto isakmp sa
And see if you see the tunel in with MM_ACTIVE state. You can also do a
show crypto ipsec sa
to see the amount of traffic being sent down the tunnel. What do you see?