• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

site to site ipsec vpn problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> site to site ipsec vpn problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
site to site ipsec vpn problem - 26.May2008 8:08:56 AM   
sunlinux

 

Posts: 1
Joined: 26.May2008
Status: offline
Hi guys,

One end using cisco ASA 5505 n other side using server 2003 SP 2 with ISA 06, I can's unable to ping remote lan ip of both end from both side , though I have created site to site tunnel.

can anybody guide me what's going wrong ?

summary:

Local end ISA server:

Local Tunnel Endpoint: 220.226.110.106
Remote Tunnel Endpoint: 210.212.110.199
To allow HTTP proxy or NAT traffic to the remote site,
the remote site configuration must contain the local
site tunnel end-point IP address.
IKE Phase I Parameters:
Mode: Main mode
Encryption: 3DES
Integrity: SHA1
Diffie-Hellman group: Group 2 (1024 bit)
Authentication Method: Pre-shared secret (cisco123)
Security Association Lifetime: 28800 seconds

IKE Phase II Parameters:
Mode: ESP tunnel mode
Encryption: 3DES
Integrity: SHA1
Perfect Forward Secrecy: ON
Diffie-Hellman group: Group 2 (1024 bit)
Time Rekeying: ON
Security Association Lifetime: 3600 seconds
Kbyte Rekeying: OFF
Remote Network 'bsnl' IP Subnets:
Subnet: 10.100.78.0/255.255.255.0
Local Network 'Internal' IP Subnets:
Subnet: 192.168.0.0/255.255.0.0
Routable Local IP Addresses:
Subnet: 10.100.76.0/255.255.254.0
Subnet: 10.100.72.0/255.255.252.0
Subnet: 10.100.64.0/255.255.248.0
Subnet: 10.100.0.0/255.255.192.0
Subnet: 10.96.0.0/255.252.0.0
Subnet: 10.64.0.0/255.224.0.0
Subnet: 10.0.0.0/255.192.0.0
Subnet: 8.0.0.0/254.0.0.0
Subnet: 0.0.0.0/248.0.0.0
Subnet: 10.100.79.0/255.255.255.0
Subnet: 10.100.80.0/255.255.240.0
Subnet: 10.100.96.0/255.255.224.0
Subnet: 10.100.128.0/255.255.128.0
Subnet: 10.101.0.0/255.255.0.0
Subnet: 10.102.0.0/255.254.0.0
Subnet: 10.104.0.0/255.248.0.0
Subnet: 10.112.0.0/255.240.0.0
Subnet: 10.128.0.0/255.128.0.0
Subnet: 11.0.0.0/255.0.0.0
Subnet: 126.0.0.0/255.0.0.0
Subnet: 124.0.0.0/254.0.0.0
Subnet: 12.0.0.0/252.0.0.0
Subnet: 120.0.0.0/252.0.0.0
Subnet: 112.0.0.0/248.0.0.0
Subnet: 16.0.0.0/240.0.0.0
Subnet: 96.0.0.0/240.0.0.0
Subnet: 32.0.0.0/224.0.0.0
Subnet: 64.0.0.0/224.0.0.0
Subnet: 128.0.0.0/128.0.0.0


remote end:

Local Tunnel Endpoint: 210.212.110.199
Remote Tunnel Endpoint: 220.226.110.106
IKE Phase I Parameters:
Mode: Main mode
Encryption: 3DES
Integrity: SHA1
Diffie-Hellman group: Group 2 (1024 bit)
Authentication Method: Pre-shared secret (cisco123)
Security Association Lifetime: 28800 seconds

IKE Phase II Parameters:
Mode: ESP tunnel mode
Encryption: 3DES
Integrity: SHA1
Perfect Forward Secrecy: ON
Diffie-Hellman group: Group 2 (1024 bit)
Time Rekeying: ON
Security Association Lifetime: 3600 seconds
Kbyte Rekeying: OFF
Site-to-Site Network IP Subnets:
Subnet: 10.100.76.0/255.255.254.0
Subnet: 10.100.72.0/255.255.252.0
Subnet: 10.100.64.0/255.255.248.0
Subnet: 10.100.0.0/255.255.192.0
Subnet: 10.96.0.0/255.252.0.0
Subnet: 10.64.0.0/255.224.0.0
Subnet: 10.0.0.0/255.192.0.0
Subnet: 8.0.0.0/254.0.0.0
Subnet: 0.0.0.0/248.0.0.0
Subnet: 10.100.79.0/255.255.255.0
Subnet: 10.100.80.0/255.255.240.0
Subnet: 10.100.96.0/255.255.224.0
Subnet: 10.100.128.0/255.255.128.0
Subnet: 10.101.0.0/255.255.0.0
Subnet: 10.102.0.0/255.254.0.0
Subnet: 10.104.0.0/255.248.0.0
Subnet: 10.112.0.0/255.240.0.0
Subnet: 10.128.0.0/255.128.0.0
Subnet: 11.0.0.0/255.0.0.0
Subnet: 126.0.0.0/255.0.0.0
Subnet: 124.0.0.0/254.0.0.0
Subnet: 12.0.0.0/252.0.0.0
Subnet: 120.0.0.0/252.0.0.0
Subnet: 112.0.0.0/248.0.0.0
Subnet: 16.0.0.0/240.0.0.0
Subnet: 96.0.0.0/240.0.0.0
Subnet: 32.0.0.0/224.0.0.0
Subnet: 64.0.0.0/224.0.0.0
Subnet: 128.0.0.0/128.0.0.0

ISA showing error in ALERTS:

Description: The Firewall service cannot create the IPsec configuration for the bsnl network.
The failure is due to error: 0x80070001

< Message edited by sunlinux -- 26.May2008 8:11:29 AM >
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> site to site ipsec vpn problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts