Do you see phase one come up

enjama · ‎07-07-2016

I used the pix to ASA tool to install my pix config on my asa 5505. I plugged it in to the interface swapping it out with the pix, and I don't get dns (or "internet" for that matter). I have attached the Pix running config, and the ASA running config. Any ideas what I'm missing?

I can't see the peer to peer tunnels or get dns going. I can't even ping out to known responding IP addresses.

The Pix works great, ASA is a total NO-GO. I know it must be something getting lost in translation.

Simrid123 · ‎07-07-2016

Hi Enjama,

It looks as though your security levels are incorrect. In order to let data flow between interfaces, please could you assign the inside interface a security level of 100 and your outside interface a security level of 0?

It may also be worth looking at your outside interface subnet, a /8 seems to be rather large for a internet facing address.

This should do the trick.

Regards,

Simrid

enjama · ‎07-07-2016

Hi Simrid -

I'm trying that - I will let you know how that works.

enjama · ‎07-07-2016

That works! (kind of).... Well, now I have DNS and Internet, but my peer to peer tunneling is still down. Here is the config of one of the peers - the tunnel works with the Pix config, but not the ASA config. I have attached the updated ASA config as well.

File name ASARunningConfig is the new ASA that doesn't connect.

File name PeerAsaconfig.txt is the one that works to tunnel / peer to the pix, but not the new ASA.

Simrid123 · ‎07-08-2016

Do you see phase one come up online okay? "show crypto isakmp sa"

Pix to ASA tool didn't work - what am I missing?