Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
3
Replies

Problem establishing tunnel PIX -> VPNC

sbrozius
Level 1
Level 1

‎12-29-2005 04:33 AM - edited ‎02-21-2020 12:36 AM

Hi,

I'm trying to establish a tunnel from a PIX to a VPN Concentrator, but the tunnel does not come up. The PIX tries to establish, but somehow, it can't.

On the VPN Concentrator, I have the attached notifications in the event log.

Could you provide me with a possible solution or action to take?

Thanx!

Preview file
8 KB
0 Helpful
3 Replies 3

jackko
Level 7
Level 7

‎01-01-2006 04:49 AM

it's a bit hard to troubleshoot without reading the config.

below is the sample codes for pix lan-lan vpn:

access-list 101 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 121 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

ip address outside 1.1.1.2 255.255.255.0

ip address inside 192.168.2.1 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer 1.1.1.1

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address 1.1.1.1 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

for the concentrator, go administration > file management, click "view" on the file "config", save a copy and post it. one point needs to be noticed is that public ips needs to be masked.

0 Helpful

sbrozius
Level 1
Level 1
In response to jackko

‎01-01-2006 05:53 AM

Thanks for the reply...

I forgot to update this Q last friday after I've got it up and running. Problem was that our VPNC is in a DMZ. The firewall had a route in place which screwed up the return-route from the VPNC to the PIX; no traffic ever returned to the initiating PIX.

After removing that faulty route in the firewall, everything worked like a charm.

Strange thing was that we have more of such VPN-tunnels in place, but only this one gave problems.

Thanks again, and a good new year to you!

0 Helpful

jackko
Level 7
Level 7
In response to sbrozius

‎01-01-2006 06:30 AM

it's good to learn that your issue has been resolved.

happy new year!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card