Solved it. VPN seems to be working now. I don't know why, but the entry in /etc/sysconfig/iptables which allows all outbound DMZ traffic without filtering was not present in the file.
Configuring PIX to PIX Dynamic-to-Static IPSec with NAT

In this sample configuration, a remote PIX receives an IP address through Dynamic Host Configuration Protocol (DHCP) and connects to a central PIX. This configuration enables the central PIX to accept dynamic IPsec connections. The remote PIX uses network address translation (NAT) to 'join' the privately addressed devices behind it to the privately addressed network behind the central PIX.

Cisco ASA VPN to Cisco Router "MM_WAIT_MSG3" | PeteNetLive

KB ID 0001531

Problem

While migrating a VPN tunnel from an ASA 5520 firewall to a new 5516-X I got this problem. The other end was a Cisco router (2900). As soon as I swapped it over, it was stuck at MM_WAIT_MSG3, and phase 1 would not establish; Debugs didn't help much either;

Solution

Well, as you can tell from my Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels article MM_WAIT

Verifying IPSec tunnels. | CCIE or Null! Apr 30, 2012

DMVPN mm_no_state error on spoke Solutions | Experts Exchange
ASA(config)# crypto map vpn 10 match address vpn
! I indicated address of Remote2 peer public outside interface.
ASA(config)# crypto map vpn 10 set peer 192.168.2.2
! Apply also the transform-set.
ASA(config)# crypto map vpn 10 set transform-set ts
! Attach the already created Crypto-map and VPN to outside interface.
MM_NO_STATE: The ISAKMP SA has been created, but nothing else has happened yet. It is "larval" at this stage—there is no state.

MM_SA_SETUP: The peers have agreed on parameters for the ISAKMP SA.

MM_KEY_EXCH: The peers have exchanged Diffie-Hellman public keys and have generated a shared secret. The ISAKMP SA remains unauthenticated.

MM_KEY

The Trouble with IPsec VPNs, Part#3: IKE Phase 1 Success

Line 1 shows the message Old State = IKE_READY New State = IKE_I_MM1, which indicates that IKE negotiation has begun, and that the first ISAKMP message in the main mode exchange is …

How to Setup a Cisco Router VPN (Site-to-Site): Cisco
May 10, 2012
I have a VPN that frequently enters the state "mm_no_state" and we are forced to clear down the ipsec connection and/or reload the firewall. Does anyone know why this keeps happening? The VPN works fine 90% of the time but frequently drops to mm_no_state.

Jun 15, 2020 · VPN tunnel in MM_NO_STATE state

Hi, Looking for experts here to assist me. I have Cisco Router2811 (A) tunnelling to another Cisco2821 (B) but NATing and connection below is the latest config with MM_NO_STATE state.

HQ which is configured to accept remote vpn client using crypto map is configured for dynamic vpn with branch. HQ static public ip is 18.104.22.168, tunnel 10 ip 172.16.10.1 and local lan is 192.168.1.0. Branch has dynamic public ip, tunnel 10 ip 172.16.10.32 and local lan is 192.168.32.0. It