skeatingMemberJuly 28, 2015 at 11:45 am #165600
I have just taken over a setup, and I am having a problem getting an Avaya Phone to connect over a VPN tunnel using a Netgear FVS 114 to a Cisco 515E PIX. Right now I am trying just to get the VPN Tunnel to stay up so I can ping the servers on the network, then I’ll try to connect the phone. I have 12 other users using the PIX to connect their phone. I have tried to add another user. I copied the running config lines for a user that can connect, made the necessary changes to the lines, and then pasted them back into the running config and did write mem. I checked the lines for accuracy, and they match the other lines. The crypto map is bound to the interface. When I check access-list, the new user shows 479 hitcnt. But the VPN Tunnel will not either come up or stay up, because I cannot ping anything on the network. Is there another way I am suppose to create new user, or is the way I did okay? Is there somewhere other then in the running config I am suppose to make a change or entry?
Additional info: show crypto ipsec sa shows @recv errors 266, #pkts decaps 863, #pkts encaps 0. Attached is the log of the Netgear FVS
Here are the config lines from running config:
name 172.16.203.0 Taylor
access-list inside_nat0_outbound permit ip 10.15.0.0 255.255.0.0 Taylor 255.255.255.0
access-list inside_nat0_outbound permit ip 10.10.0.0 255.255.0.0 Taylor 255.255.255.0
access-list TAG_cryptomap_91 permit ip 10.10.0.0 255.255.0.0 Taylor 255.255.255.0
access-list TAG_cryptomap_91 permit ip 10.15.0.0 255.255.0.0 Taylor 255.255.255.0
crypto map outside_map 91 match address TAG_cryptomap_91
crypto map outside_map 91 set peer 22.214.171.124
crypto map outside_map 91 set transform-set ESP-3DES-MD5
isakmp keyXXXXXXX address 126.96.36.199 netmask 255.255.255.255 no-xauth no-config-mode
Kobe 310ParticipantAugust 27, 2015 at 1:04 pm #363104
i can try to help, i have several vpn’s, site to site , client and anyconnect, but on my ASA.
you are saying that this vpn works now, you mentioned trying to get the tunnel to stay up, but 12 users using it right now, or am i missing something.
newITgirlMemberAugust 27, 2015 at 1:30 pm #391060
Found out yesterday what the cause was. I had created two users, and since I was connecting both from the same IP address, just not at the same time, the PIX was getting confused. I can only connect from one IP address at a time. Once this was pointed out to me, I was able to get it to work.
You must be logged in to reply to this topic.