daemon@ATHENA.MIT.EDU (Michael Ruiz)
Sat Jul 9 09:38:00 2011
From: Michael Ruiz <mruiz@lstfinancial.com>
To: "'chris@nifry.com'" <chris@nifry.com>
Date: Sat, 9 Jul 2011 13:36:56 +0000
In-Reply-To: <ec867d9d95d5626f2d0cbecc1fca6924@localhost>
Cc: "'nanog@nanog.org'" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Yes sir.
I called cisci tac and according to the asa team, the tunnel cannot be crea=
ted because the juniper is not the session to be created due to some missma=
tches.
--------------------------
Sent using BlackBerry
----- Original Message -----
From: Chris Russell [mailto:chris@nifry.com]
Sent: Friday, July 08, 2011 06:09 PM
To: Michael Ruiz
Cc: nanog@nanog.org <nanog@nanog.org>
Subject: Re: <Need Help - Cisco ASA 8.4.1 to Juniper SSG-550 6.2.0r1.0VPN C=
onfiguration>
> Sending 5, 100-byte ICMP Echos to 10.1.4.81, timeout is 2 seconds:
> IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple:
> Prot=3D1, saddr=3D10.20.1.2, sport=3D29733, daddr=3D10.1.4.81, dport=3D29=
733
> IPSEC(crypto_map_check)-5: Checking crypto map CARIBOU-VPN-1 10:
skipping
> incomplete map. No peer, access-list or transform-set specified.
> IPSEC(crypto_map_check)-1: Error: No crypto map matched.
>
>>From my understanding this is caused by the crypto map not being able to
>>establish a tunnel to the Juniper.
From that log, the Cisco is missing numerous configuration items:
No peer, access-list or transform-set specified.
Do you have the above specified in the crypto map within the ASA ?
Cheers
Chris
CONFIDENTIALITY NOTICE: This message is intended only for the individual or=
entity to which it is addressed and may contain information that is confid=
ential or exempt from disclosure under applicable law. If you are not the i=
ntended recipient, you have received this communication in error. In such c=
ase, please notify us immediately by reply e-mail and immediately delete th=
is message and its attachments. Any use, dissemination, redistribution or r=
eproduction of this communication is strictly prohibited. Unless the messag=
e explicitly states otherwise, no e-mail correspondence claims to be a cont=
ractual offer or acceptance. LST Financial has instructed its employees not=
to send libelous or inappropriate statements and disclaims responsibility =
for such. Subject to applicable law, LST Financial may monitor, review and =
retain e-communications traveling through its networks/systems. By messagin=
g with LST Financial you consent to the foregoing.
CONFIDENTIALITY NOTICE: This message is intended only for the individual or=
entity to which it is addressed and may contain information that is confid=
ential or exempt from disclosure under applicable law. If you are not the i=
ntended recipient, you have received this communication in error. In such c=
ase, please notify us immediately by reply e-mail and immediately delete th=
is message and its attachments. Any use, dissemination, redistribution or r=
eproduction of this communication is strictly prohibited. Unless the messag=
e explicitly states otherwise, no e-mail correspondence claims to be a cont=
ractual offer or acceptance. LST Financial has instructed its employees not=
to send libelous or inappropriate statements and disclaims responsibility =
for such. Subject to applicable law, LST Financial may monitor, review and =
retain e-communications traveling through its networks/systems. By messagin=
g with LST Financial you consent to the foregoing.
