topic Pix to PIX Ipsec tunnel in Network Security

Pix to PIX Ipsec tunnel

flopez — Mon, 11 Mar 2019 11:15:37 GMT

I have a pix to pix ipsec tunnel that existed before. Now that I have modified both PIX (remote and local) ACLs, I can not establish IKE Phase 2. I have established IKE Phase 1 and see the networks local & remote along with their peers.

When I do a "sh crypto isa sa" I get the following

Total : 0

Embryonic : 0

dst src state pending created

PIX#

Any suggestions? I also already ran

ca zeroize all

ca generate rsa key 512

ca save all

reloaded PIX and still same thing. Can anyone help me?

Re: Pix to PIX Ipsec tunnel

whisperwind — Sun, 23 Sep 2007 02:33:53 GMT

Cna you show us the config?

Re: Pix to PIX Ipsec tunnel

murray-davis — Mon, 24 Sep 2007 14:51:06 GMT

If you modified ACL's, remember that they must mirror each other at the ends of the tunnel: 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0 on one end and 192.168.0.0 255.255.0.0 10.1.0.0 255.255.0.0 on the other end. I would also suggest that you look at your NONAT rules. If you modified your ACL's, you also have to update your NONAT rules.