Site to Site VPN between Pix 515e and Pix 501

ciunetworks · ‎09-29-2010

I have a PIX 515e and a PIX 501 that I am trying to get setup with a Site to Site VPN tunnel and access for VPN clients.

I have successfully gotten Two PIX 501s in this setup, but I am running into a wall here. I am getting nothing.

Both sites are available witht he VPN dialer, but the Site to Site is non existant. When I run a sh isakmp sa, I only see the VPN dialers.

Attached are my configs, they are labeled appropriately.

Any help is greatly appricated.

Federico Coto Fajardo · ‎09-29-2010

Hi,

You have two crypto maps configured namely ciumap and vpnmap, but only ciumap is applied to the outside interface.

So the crypto map vpnmap is not really doing anything in the configuration.

What is the purpose of both crypto maps?

Federico.

shijomon scaria · ‎09-29-2010

Hello,

Crypto map 'vpnmap' is the one doing site to site tunneling in ur configuration, but it is not applied on the the interface, same time you have applied another crypto map on the interface 'ciumap'. Remember one thing that you can apply only one crypto map at a time on an interface. But you can use different sequence numbers to create different parameters.

Thank you.

Shijo.

ciunetworks · ‎10-09-2010

After wasting my time with the old hardware and software versions. I went ahead and replace both units with asa 5505's

I have been successfull with the Site to Site VPN's and the VPN dialer access, but cannot figure out the static routes for my servers.

I have posted a new discusion here.

https://supportforums.cisco.com/thread/2046313

Any help of the asa 5505 static routes wiuld be greatly appreciated.