
dynamic ipsec between a statically addressed pix and dynamically addressed

kevin-howell
Level 1

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml

Above is the URL I am currently using. Both ends of the VPN are configured as per the document, apart from IP details.

On the router side I am using a Cisco 1841 with a HWIC-3G-GSM card. This connects onto the Vodafone 3G network and is assigned a private IP address. This then NATs onto a public IP address.

The remote device we are using is a PIX firewall version 6.3. This device needs to be able to accept VPN connections from any IP address.

Phase 1 on the VPN is coming up fine but I am not seeing any traffic on phase 2. Packets are being encrypted but not decrypted at both ends of the VPN.

dst             src             state          conn-id slot status
80.x.x.x        10.x.x.x        QM_IDLE           1005    0 ACTIVE

sh crypto ipsec sa

interface: Cellular0/0/0

Crypto map tag: to_vpn, local addr 10.x.x.x

protected vrf: (none)

local ident (addr/mask/prot/port): (10.111.1.192/255.255.255.192/0/0)

remote ident (addr/mask/prot/port): (10.100.48.0/255.255.255.0/0/0)

current_peer 80.x.x.x port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 9830, #pkts encrypt: 9830, #pkts digest: 9830

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

Packets are being encrypted but not being decrypted.

Any help would be greatly appreciated

Thanks.
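The symptom in the output above (encaps counters climbing while decaps stay at zero) can be checked mechanically. The following is an added example, not part of the original post: it parses `show crypto ipsec sa` text and flags SAs that carry traffic in one direction only. The function names and the sample text (constructed from the output quoted in the post) are assumptions.

```python
import re

# Constructed sample, modelled on the `sh crypto ipsec sa` output quoted in the post.
SAMPLE = """\
interface: Cellular0/0/0
    Crypto map tag: to_vpn, local addr 10.x.x.x
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.111.1.192/255.255.255.192/0/0)
   remote ident (addr/mask/prot/port): (10.100.48.0/255.255.255.0/0/0)
   current_peer 80.x.x.x port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 9830, #pkts encrypt: 9830, #pkts digest: 9830
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident\s+\([^)]*\):\s+\(([^)]*)\)")
PEER = re.compile(r"^\s*current_peer\s+(\S+)\s+port\s+(\d+)")
COUNTER = re.compile(r"#pkts\s+([\w ]+?):\s*(\d+)")

def parse_ipsec_sa(text):
    """Split the output into one dict per proxy-identity pair (one per SA)."""
    sas, cur = [], None
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            if m.group(1) == "local":      # a local ident line starts a new SA block
                cur = {"counters": {}}
                sas.append(cur)
            if cur is not None:
                cur[m.group(1)] = m.group(2)
            continue
        if cur is None:                    # skip header lines before the first SA
            continue
        m = PEER.match(line)
        if m:
            cur["peer"], cur["port"] = m.group(1), int(m.group(2))
        for name, value in COUNTER.findall(line):
            cur["counters"][name.strip()] = int(value)
    return sas

def one_way_sas(sas):
    """Return (sa, direction) for SAs passing traffic in one direction only."""
    findings = []
    for sa in sas:
        enc = sa["counters"].get("encaps", 0)
        dec = sa["counters"].get("decaps", 0)
        if (enc > 0) != (dec > 0):
            findings.append((sa, "outbound-only" if enc else "inbound-only"))
    return findings
```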


kevin-howell
Level 1

The issue is now resolved. Seems to be a PIX config issue. I received a technical guide outlining all changes on the devices.