before adding encryption it is a good idea to test basic routing so you will know where to troubleshooting if needed.
Best Regards, - Joshua R. Walton Senior Network Engineer CCNP, CCSP, CCVP, INFOSEC Subject: RE: [OSL | CCIE_Security] CCIE_Security Digest, Vol 18, Issue 13Date: Sat, 29 Dec 2007 17:34:25 -0800From: [EMAIL PROTECTED]: [EMAIL PROTECTED]; [email protected] SSH is not working. Seeing the following message in output. R1#ssh -l ipexpert 10.5.5.55 *Dec 30 01:06:41.675: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 10.5.5.55R1#R1# R1#ssh -l ipexpert 192.1.49.55 R1# First of all, why R1 is not pinging ASA1? Secondly, If R1 is able to ping ASA2 then why ssh connection did not establish (as seen in the above output)? Attaching sh crypto output and pings from R1 suggesting that peer relationship with both ASAs is established but still tunnel is not formed. Appreciate any help. -Anshul From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua WaltonSent: Saturday, December 29, 2007 10:21 AMTo: [EMAIL PROTECTED]: Re: [OSL | CCIE_Security] CCIE_Security Digest, Vol 18, Issue 13 verify by SSH'ing to ASA1 and ASA2 from R1 R1# ssh -l ipexpert 192.1.49.55 R1# ssh -l ipexpert 10.5.5.55 Best Regards, - Joshua R. Walton Senior Network Engineer CCNP, CCSP, CCVP, INFOSEC> From: [EMAIL PROTECTED]> Subject: CCIE_Security Digest, Vol 18, Issue 13> To: [email protected]> Date: Sat, 29 Dec 2007 12:00:03 -0500> > Send CCIE_Security mailing list submissions to> [email protected]> > To subscribe or unsubscribe via the World Wide Web, visit> http://onlinestudylist.com/mailman/listinfo/ccie_security> or, via email, send a message with subject or body 'help' to> [EMAIL PROTECTED]> > You can reach the person managing the list at> [EMAIL PROTECTED]> > When replying, please edit your Subject line so it is more specific> than "Re: Contents of CCIE_Security digest..."> > > Today's Topics:> > 1. Section 15 Task 7.6 (a): Management VPN (Anshul Arora (akarora))> > > ----------------------------------------------------------------------> > Message: 1> Date: Fri, 28 Dec 2007 20:22:21 -0800> From: "Anshul Arora (akarora)" <[EMAIL PROTECTED]>> Subject: [OSL | CCIE_Security] Section 15 Task 7.6 (a): Management VPN> To: <[email protected]>> Message-ID:> <[EMAIL PROTECTED]>> Content-Type: text/plain; charset="us-ascii"> > Hi All,> > I've R1 and ASA1 configured for secured communication through IPsec> tunnel. The basic problem is that ASA1 can't ping R1 public IP> 192.1.12.15 and visa versa. Although R4 can ping R1.> Where do I enable ping from ASA1 to R1 so as to bring up the tunnel?> > The same setup is working for R1 and ASA2 tunnel communication (Task b)> verifying that configuration on R1 and ASA is configured correctly.> > Attaching R1, R4 and ASA2 configs.> > Appreciate any input.> -Anshul> > -------------- next part --------------> An HTML attachment was scrubbed...> URL: http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/63c485b9/attachment-0001.html> -------------- next part --------------> An embedded and charset-unspecified text was scrubbed...> Name: ASA1.txt> Url: http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/63c485b9/ASA1-0001.txt> -------------- next part --------------> An embedded and charset-unspecified text was scrubbed...> Name: R1.txt> Url: http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/63c485b9/R1-0001.txt> -------------- next part --------------> An embedded and charset-unspecified text was scrubbed...> Name: R4.txt> Url: http://onlinestudylist.com/pipermail/ccie_security/attachments/20071228/63c485b9/R4-0001.txt> > End of CCIE_Security Digest, Vol 18, Issue 13> *********************************************
