09-22-2007 07:04 PM - edited 03-11-2019 04:15 AM
I have a PIX-to-PIX IPsec tunnel that existed before. Now that I have modified both PIX (remote and local) ACLs, I cannot establish IKE Phase 2. I have established IKE Phase 1 and see the networks local & remote along with their peers.
When I do a "sh crypto isa sa" I get the following:
Total : 0
Embryonic : 0
dst src state pending created
PIX#
Any suggestions? I also already ran
ca zeroize all
ca generate rsa key 512
ca save all
reloaded PIX and still same thing. Can anyone help me?
09-22-2007 07:33 PM
Can you show us the config?
09-24-2007 07:51 AM
If you modified ACLs, remember that they must mirror each other at the ends of the tunnel: 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0 on one end and 192.168.0.0 255.255.0.0 10.1.0.0 255.255.0.0 on the other end. I would also suggest that you look at your NONAT rules. If you modified your ACLs, you also have to update your NONAT rules.
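Added example, not part of any post in this thread: a small Python check that compares the crypto ACLs from both PIX configs for mirror-image entries and confirms each crypto entry also appears in the NONAT ACL. The ACL names `101` and `nonat` and the sample configs are constructed assumptions, and the NONAT check only looks for exact matches.

```python
import ipaddress

def parse_acl(config, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["access-list", name, "permit", "ip"]:
            continue
        nets, i = [], 4
        try:
            while len(nets) < 2:
                if tok[i] == "any":
                    nets.append(ipaddress.ip_network("0.0.0.0/0")); i += 1
                elif tok[i] == "host":
                    nets.append(ipaddress.ip_network(tok[i + 1] + "/32")); i += 2
                else:  # "network mask" form, e.g. 10.10.0.0 255.255.0.0
                    nets.append(ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}")); i += 2
        except (IndexError, ValueError):
            continue  # truncated or malformed entry: skip rather than guess
        pairs.add(tuple(nets))
    return pairs

def mirror_mismatches(local_cfg, local_acl, remote_cfg, remote_acl):
    """Entries on one peer with no mirror image (src/dst swapped) on the other."""
    local = parse_acl(local_cfg, local_acl)
    mirrored = {(dst, src) for src, dst in parse_acl(remote_cfg, remote_acl)}
    return sorted(local - mirrored, key=str), sorted(mirrored - local, key=str)

def missing_from_nonat(cfg, crypto_acl, nonat_acl):
    """Crypto ACL entries that have no identical entry in the NONAT ACL."""
    return sorted(parse_acl(cfg, crypto_acl) - parse_acl(cfg, nonat_acl), key=str)

# Constructed sample configs (hypothetical ACL names "101" and "nonat").
LOCAL = """
access-list 101 permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list nonat permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
"""
REMOTE_OK = "access-list 101 permit ip 192.168.0.0 255.255.0.0 10.10.0.0 255.255.0.0"
# Deliberate one-octet mismatch in the destination network.
REMOTE_BAD = "access-list 101 permit ip 192.168.0.0 255.255.0.0 10.1.0.0 255.255.0.0"

if __name__ == "__main__":
    print(mirror_mismatches(LOCAL, "101", REMOTE_OK, "101"))
    print(mirror_mismatches(LOCAL, "101", REMOTE_BAD, "101"))
    print(missing_from_nonat(LOCAL, "101", "nonat"))
```
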