Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
210
Views
0
Helpful
1
Replies

Pix 501 issues

u.naranjo
Level 1
Level 1

‎02-05-2004 08:28 PM - edited ‎02-20-2020 11:13 PM

Hi,

Have a bunch of sites connecting using 501's.(IPSEC)

Two sites upgraded their dsl line and when trying to configure the VPN tunnel at each site to point to 6 other sites I was able to get 4 tunnels up with a lot of difficulties and I even had to bounce one of the pix to resolve this problem.(I'm replacing the pre-share key as well)

Is there a specific order to enter the commands so I do not have such a hard time to bring this ipsec tunnels up? here is the sequence I'm following:

no isakmp key ******* address x.x.x.x

iskamp key newkey address x.x.x.x

no crypto vpn interface outside

crypto map vpn xx ipsec-isakmp

crypto map vpn xx match address access-list

crypto map vpn xx set peer x.x.x.x

crypto map vpn xx set transform-set set

crypto map vpn interface outside

Is this order correct or am I doing it wrong.

Advise please,

0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎02-06-2004 06:50 AM

when you play with isakmp, you probably want to enter a "no isakmp enable outside" command to shut it down, and after your last isakmp configuration command, enter a "isakmp enable outside" to fire up the isakmp daemon with the new config

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card