Cisco ISAKMP IPSEC VPN tunnel not building

I have two locations. The primary Cisco 2800 router currently holds 50-60 VPNs and it connects to Cisco 850/870 series routers for each of them. I have a new site with 3 tunnels terminating on 3 unique Cisco 850 routers. The 850s successfully build tunnels to a third location; however, none of them build to my primary location. I have attached a debug from one RemoteRouter and also its config (all 3 sites are identical, barring unique keys and addresses). The caveats that may be pertinent are that the 3 routers/tunnels are all NAT'd on the remote sites at one common firewall (each has its own unique NAT address). The other unique issue is that the external address on my MainRouter and the external address of the customer's firewall all reside on one ISP (QWEST). I am having difficulty seeing what is affecting my connection. I have attached the debug info from RemoteRouter, the config from RemoteRouter, and the pertinent info from MainRouter.
debug-on-RemoteRouter-after-ping
RemoteRouter-Config
Main-crypto
rwboll Asked:

geergon Commented:
Hello!

NAT traversal or NAT transparency should be enabled by default. (Anyway, confirm whether NAT-T is disabled on the main router.)
*Mar  3 00:04:49.032: ISAKMP (0:0): received packet from 46.46.46.46 dport 500 sport 500 Global (R) MM_SA_SETUP
...
....
*Mar  3 00:04:49.064: ISAKMP:(2037):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar  3 00:04:49.064: ISAKMP:(2037):Old State = IKE_R_MM3  New State = IKE_R_MM4
*Mar  3 00:04:49.220: ISAKMP (0:2037): received packet from 46.46.46.46 dport 4500 sport 4500 Global (R) MM_KEY_EXCH


As the logs say, it starts negotiating the tunnel using port 500 in main mode; after that, it changes to port 4500 and then the problem occurs....

Again, try to verify whether there is any command disabling NAT-T.
Also, configure the firewall ---> 162.162.162.162 to permit IPsec to pass through.
PIX/ASA 7.x and Above IPsec Tunnel Pass Through a Security Appliance With use of Access List and MPF with NAT Configuration Example
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008045a2d2.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml


rwboll Author Commented:
Traversal of a perimeter PIX was affecting the tunnel. Changes to the perimeter PIX allowed the tunnel to build.
Question has a verified solution.
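
The port change geergon points out in the debug can be pulled out of a longer `debug crypto isakmp` capture automatically. The following is an added example, not code from the thread: the function name, the verdict strings and the second peer's log lines (192.0.2.10) are constructed for illustration, while the 46.46.46.46 lines are the ones quoted above.

```python
import re

# "received packet" lines as printed by IOS `debug crypto isakmp`.
PKT = re.compile(
    r"ISAKMP\s*\(\S+\): received packet from (?P<peer>[\d.]+) "
    r"dport (?P<dport>\d+) sport \d+ \S+ \([IR]\) (?P<state>\w+)"
)

def summarize(lines):
    """Per peer: destination ports in the order seen, last state, verdict."""
    peers = {}
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # state-machine lines (Old State/New State) carry no ports
        p = peers.setdefault(m["peer"], {"dports": [], "state": None})
        if int(m["dport"]) not in p["dports"]:
            p["dports"].append(int(m["dport"]))
        p["state"] = m["state"]
    for p in peers.values():
        d = p["dports"]
        floated = 500 in d and 4500 in d and d.index(500) < d.index(4500)
        if p["state"] == "QM_IDLE":  # IOS state once phase 1 has completed
            p["verdict"] = "phase1-complete"
        elif floated:
            # NAT was detected and IKE moved to UDP 4500 but did not finish:
            # check that every device in the path passes UDP 4500.
            p["verdict"] = "stalled-after-natt-float"
        else:
            p["verdict"] = "stalled-on-udp500"
    return peers

SAMPLE = [
    # Lines quoted in the answer above.
    "*Mar  3 00:04:49.032: ISAKMP (0:0): received packet from 46.46.46.46 dport 500 sport 500 Global (R) MM_SA_SETUP",
    "*Mar  3 00:04:49.064: ISAKMP:(2037):Old State = IKE_R_MM3  New State = IKE_R_MM4",
    "*Mar  3 00:04:49.220: ISAKMP (0:2037): received packet from 46.46.46.46 dport 4500 sport 4500 Global (R) MM_KEY_EXCH",
    # Constructed lines: a peer with no NAT in the path that completes phase 1.
    "*Mar  3 00:05:10.100: ISAKMP (0:2038): received packet from 192.0.2.10 dport 500 sport 500 Global (R) MM_KEY_EXCH",
    "*Mar  3 00:05:10.300: ISAKMP (0:2038): received packet from 192.0.2.10 dport 500 sport 500 Global (R) QM_IDLE",
]

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE).items():
        print(peer, info["dports"], info["state"], info["verdict"])
```

The verdict reflects only the last state present in the capture, so feed it the full debug for the failed attempt rather than an excerpt.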
