08-13-2007 01:16 PM - edited 02-21-2020 01:38 AM
Help required
I have set up a small home network to practice configuring
a site-to-site VPN on two PIX firewalls using certificates
for authentication. The PIXes I am using are a 515 running ios
7.0(5) and a 501 running ios 6.3(5). Getting the certificates
onto the firewalls was no problem, but I am not sure about
the rest of the configuration. There must be a problem there
somewhere, as I have tried pinging 192.168.3.2 from 192.168.1.2
and vice versa but am unable to establish a tunnel.
I have included the firewall configs and the network layout
as attachments and would appreciate it if someone could take
a look and see if I have done anything wrong.
The only thing I tried was to change isakmp identity hostname
to isakmp identity address, but this made no difference.
Regards
Melvyn Brown
08-14-2007 01:08 PM
Melvyn-
Is that the entire config for the 515? I didn't go over it with a fine-tooth comb, but there is no Global statement on it.
HTH,
Paul
08-14-2007 01:19 PM
Hi,
Thanks for taking the trouble to look at this.
Yes, that is the entire config for the 515.
What global statement is missing?
Regards
Melvyn
08-14-2007 01:24 PM
Melvyn-
I've never tried using a PIX solely for a VPN tunnel, but I assume this still applies. You need:
global (outside) 1 interface
which you do have on the 501.
Paul