Re: PIX 501 Site to Site Help

sadok.mouha · ‎04-15-2005

Hi to all,

I'm novice in using PIX 501. I want to establish Site to Site IPsec tunnel. I used the PDM (via https) to configure the tunnel. The problem is that I have errors as following :

#pkts no sa (send) 22

what it means?

Any help please. I'm blocked

Thanx

Cisco4Life · ‎04-15-2005

In my opinion, get out of the PDM; its a GUI Pipe dream. Understand the cli commands first before going in there.

Second attach your sh run so we can take a look. If I can't help, there is always someone in here that will be able to help you.

Frank

sadok.mouha · ‎04-18-2005

Thank you all, I used CLI commands to configure and it works ok.

The new problem is that I must use Authentication by address (isakmp identity address). My Pix is behind a router and it has a private address on his public interface i.e. :

Distant VPN Gateway <---> Internet <---> (Public IP) Router ADSL (Router Private IP 192.168.xx.xx) <----> (192.168.zz.zz) PIX (private sub-lan 192.168.yy.yy) <---> host

The problem is that pix gives to the other vpn gateway it's public ip 192.168.zz.zz which is not recognized by the remote VPN Gateway (it needs the publix IP of the router). Howcan I tell the PIX to use this IP ad identity address? I have used racoon for a short period and it offers this option.

Any help please?

Thanx

thisisshanky · ‎04-16-2005

Additionally, refer to this link to setup the VPN tunnel correct via PDM. I agree with the other poster. I prefer CLI. Under the CLI commands first and then move to PDM.

http://www.cisco.com/application/pdf/en/us/guest/products/ps2032/c1626/ccmigration_09186a0080189166.pdf

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus