Tunnel phase 2 question

Posted on 2015-02-18
Last Modified: 2015-02-18

What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer but the pkts encaps are growing when I ping the subnet and pkts decaps are staying the same. decapsulation seems like it's not happening?
Question by:Shark Attack
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 94

Accepted Solution

John Hurst earned 500 total points
ID: 40616768
What might be the issue when phase 1 and 2 is up but I cannot ping the subnet of the peer

Are the two ends of the tunnel on the same subnet?  That will cause what you see.

What answer do you get when you run PING?

Author Comment

by:Shark Attack
ID: 40616786
It finally worked. I think the issues seems to be with their subnets. I got it to work thanks!
LVL 94

Expert Comment

by:John Hurst
ID: 40616816
@Zack Gil  - Thank you for the update and I was happy to help.
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.


Author Comment

by:Shark Attack
ID: 40616848
let me ask you a questions since we're at the topic.

How come when I create a crypto map on the asa 5520 v 8.2  I only get an option to create a dynamic map?

When I do crypto map MAP 50 ipsec-isakmp and hit enter, I get command incomplete, so I hit the ? and I get dynamic. How can I just get ipsec-isa and not dynamic map?

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)206

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

Suzlon-Chicago-IL-Primary-ASA up 49 days 17 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
LVL 94

Expert Comment

by:John Hurst
ID: 40616862
I use Juniper and Cisco RVxx routers so the commands and GUI interfaces are different. The subnet issue affects all VPN setups.

Please look at this Cisco Support Article that says that parameters need to be completed before the command can work.

Look down the page for "WARNING: crypto map entry will be incomplete "

See if this sheds any light.

Author Comment

by:Shark Attack
ID: 40616874
thanks !

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question