12-19-2005 09:09 AM - edited 02-21-2020 12:36 AM
I have a PIX (we'l call PIX A) which has a VPN (PIX TO PIX) connection running to PIX C. I have tried to set up a VPN from PIX A to PIX B which has not been used for VPN. And I can't seem to get ISAKMP to 'start' between even though I've copied the config from the working one etc. The PIX version is 6.3(3) - is there something obvious Im missing?? The isakmp config/isakmp key is the same etc. Very confusing!
12-19-2005 07:10 PM
please post the entire config with public ip masked.
12-20-2005 12:56 AM
PIX A
sysopt connection permit-ipsec
crypto ipsec transform-set whitevpn esp-3des esp-sha-hmac
crypto map LONDON_VPN 10 ipsec-isakmp
crypto map LONDON_VPN 10 match address 110
crypto map LONDON_VPN 10 set peer x.x.x.x (going to PIX C)
crypto map LONDON_VPN 10 set transform-set whitevpn
crypto map LONDON_VPN 20 ipsec-isakmp
crypto map LONDON_VPN 20 match address 111
crypto map LONDON_VPN 20 set peer x.x.x.x (going to PIX B)
crypto map LONDON_VPN 20 set transform-set whitevpn
crypto map LONDON_VPN interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x. (PIX C) netmask 255.255.255.255
isakmp key ******** address x.x.x.x (PIX B) netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
PIX C
sysopt connection permit-ipsec
crypto ipsec transform-set whitevpn esp-3des esp-sha-hmac
crypto map LONDON_VPN 20 ipsec-isakmp
crypto map LONDON_VPN 20 match address 111
crypto map LONDON_VPN 20 set peer x.x.x.x (PIX A)
crypto map LONDON_VPN 20 set transform-set whitevpn
crypto map LONDON_VPN interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x (PIX A) netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
The link to PIX B is up and running and using the same config as PIX A.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide