Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am attempting to connect 50 remote sites to our main office PIX 515E using PIX 501s at the remote sites. I have two sites up and working fine. When I issue the command SHOW CRYPTO ENGINE is see: Crypto Engine Connection Map: size = 8, free = 4, use...
I am attempting to connect 50 remote sites to our main office PIX 515E using PIX 501s at the remote sites. I have two sites up and working fine. When I issue the command SHOW CRYPTO ENGINE is see:Crypto Engine Connection Map: size = 8, free = ...
You have an ACL associated with the IPSEC tunnel, like below:access-list IPSec34 deny IP HOST 192.168.30.10 anyaccess-list IPSec34 permit ip any {to Cisco VPN 3000 address}crypto map mymap 34 ipsec-isakmpcrypto map mymap 34 match address IPSec34 cryp...
I see your problem. I myself have seen a delay of 5 to 10 seconds in the tunnel creation even with interesting traffic. This could be a timing issue. Several logon attempts fail? None of that traffic seems interesting?Issue SHOW CRYPTO IPSEC SALo...
He is refering to your access list used on your crypto map statement.access-list IPsecAL permit ip any 172.16.4.0 255.255.255.0crypto map yourmap 136 match address IPsecALNot the ANY on the access-list statement sends all traffic from inside your net...
I hope by now you have found the answer but if not check your ACLs for allowing PING. Setup a CONDUIT to allow all ICMP or something. There is also a command called DEBUG ICMP TRACE I have found useful for allowing me to see if the ping is at least...
I am not sure I understand your question but we don't use NAT at our remote facilities. The remote facilities all have 172.16.x.x addresses which are NAT 0 in the PIX 501 at the remote site and pulled into the tunnel and pop out at the central locat...
