Hello All,
I have been working for two days trying to get an ASA to setup
a VPN tunnel to a SSG-550. I have the VPN tunnel Setup and ready to go on the
ASA. I ran a Debug crypto IPSec 200 and crypto ikve1 200. I do the command
ping PRIVATE <ip address> and I get in the console
Sending 5, 100-byte ICMP Echos to 10.1.4.81, timeout is 2 seconds:
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=1,
saddr=10.20.1.2, sport=29733, daddr=10.1.4.81, dport=29733
IPSEC(crypto_map_check)-5: Checking crypto map CARIBOU-VPN-1 10: skipping
incomplete map. No peer, access-list or transform-set specified.
IPSEC(crypto_map_check)-1: Error: No crypto map matched.
>From my understanding this is caused by the crypto map not being able to
>establish a tunnel to the Juniper.
On my Juniper configuration I have built the Gateway and set the Phase 1
Proposal to "pre-g2-3des-md5" followed by "pre-g2-3des-sha"
For the VPN configuration I use the predefined gateway configuration.
Under the advanced button, I use the predefined of "compatible" and the Phase 2
Proposal "nopfs-esp-3des" followed by "nopfs-esp-3des"
The proxy id is the local IP / Network block and the remote IP network block is
the destination IP block. The only part that has me wondering, because the
Juniper has multiple zones, i.e. a DMZ, Trust, and Untrust. Each Zone has its
own IP block that is assigned to it. I have entered a policy into one of the
zones, i.e. Untrust to Trust, input source block, destination block, specified
it is a tunnel, set for bi-directional entry and that should be it.
Any help in this as always will be greatly appreciated. Thank you.
Thank You,
MAR
CONFIDENTIALITY NOTICE: This message is intended only for the individual or
entity to which it is addressed and may contain information that is
confidential or exempt from disclosure under applicable law. If you are not the
intended recipient, you have received this communication in error. In such
case, please notify us immediately by reply e-mail and immediately delete this
message and its attachments. Any use, dissemination, redistribution or
reproduction of this communication is strictly prohibited. Unless the message
explicitly states otherwise, no e-mail correspondence claims to be a
contractual offer or acceptance. LST Financial has instructed its employees not
to send libelous or inappropriate statements and disclaims responsibility for
such. Subject to applicable law, LST Financial may monitor, review and retain
e-communications traveling through its networks/systems. By messaging with LST
Financial you consent to the foregoing.
