<Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration>

• Previous message (by thread): <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration>
• Next message (by thread): Why is IPv6 broken?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes sir.

I called cisci tac and according to the asa team, the tunnel cannot be created because the juniper is not the session to be created due to some missmatches.
--------------------------
Sent using BlackBerry


----- Original Message -----
From: Chris Russell [mailto:chris at nifry.com]
Sent: Friday, July 08, 2011 06:09 PM
To: Michael Ruiz
Cc: nanog at nanog.org <nanog at nanog.org>
Subject: Re: <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration>


> Sending 5, 100-byte ICMP Echos to 10.1.4.81, timeout is 2 seconds:
> IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple:
> Prot=1, saddr=10.20.1.2, sport=29733, daddr=10.1.4.81, dport=29733
> IPSEC(crypto_map_check)-5: Checking crypto map CARIBOU-VPN-1 10:
skipping
> incomplete map.  No peer, access-list or transform-set specified.
> IPSEC(crypto_map_check)-1: Error: No crypto map matched.
>
>>From my understanding this is caused by the crypto map not being able to
>>establish a tunnel to the Juniper.

 From that log, the Cisco is missing numerous configuration items:

No peer, access-list or transform-set specified.

 Do you have the above specified in the crypto map within the ASA ?

Cheers

Chris

CONFIDENTIALITY NOTICE: This message is intended only for the individual or entity to which it is addressed and may contain information that is confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you have received this communication in error. In such case, please notify us immediately by reply e-mail and immediately delete this message and its attachments. Any use, dissemination, redistribution or reproduction of this communication is strictly prohibited. Unless the message explicitly states otherwise, no e-mail correspondence claims to be a contractual offer or acceptance. LST Financial has instructed its employees not to send libelous or inappropriate statements and disclaims responsibility for such. Subject to applicable law, LST Financial may monitor, review and retain e-communications traveling through its networks/systems. By messaging with LST Financial you consent to the foregoing.
CONFIDENTIALITY NOTICE: This message is intended only for the individual or entity to which it is addressed and may contain information that is confidential or exempt from disclosure under applicable law. If you are not the intended recipient, you have received this communication in error. In such case, please notify us immediately by reply e-mail and immediately delete this message and its attachments. Any use, dissemination, redistribution or reproduction of this communication is strictly prohibited. Unless the message explicitly states otherwise, no e-mail correspondence claims to be a contractual offer or acceptance. LST Financial has instructed its employees not to send libelous or inappropriate statements and disclaims responsibility for such. Subject to applicable law, LST Financial may monitor, review and retain e-communications traveling through its networks/systems. By messaging with LST Financial you consent to the foregoing.

• Previous message (by thread): <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN Configuration>
• Next message (by thread): Why is IPv6 broken?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]