04-07-2005 05:00 AM - edited 02-21-2020 01:42 PM
I have many problems with this two pix's to realize a vpn between the firewalls. The PIX 515 is running with a static ip address and the PIX 501 is connected over PPPoE (DSL).
In a private lab i want test a L2L vpn connection, this fails likewise. Exists fundamental changes in the vpn configuration of pix version 7.01??? Does anybody has an example configuration for this solution?
Thanks!
04-07-2005 06:34 AM
There are some changes in 7.0, but many commands are supported in backwards configuration mode. If the 501 has a dynamically assigned IP address, you need to configure the 515 to accept dynamic IPSec tunnels. This configuration is similar to supporting software vpn clients, and is different from a normal L2L tunnel where both sides are statically addressed, and thus either side can initiate tunnel negotiation (in a dynamic tunnel, it is the dynamically assigned side that initiates tunnel creation)
this config should help you with a dynamic pix to a static pix vpn configuration
04-08-2005 03:27 AM
Hi thanks for your message. But i have this configured. On the remote pix 501 the follwing debug message:
dropping DELETE on unauthenticated SA
return status IKMP_NO_ERR_NO_TRANS
The translation groups seems to be ok! I have many vpn connection configured, all with pix os 6.x, there running wonderful. But this connection fails, PIX OS 6.3(4) -> PIX OS 7.0(1).
Any ideas?
04-26-2005 07:42 PM
I am having the same issues trying to do dynamic tunnels from pix 501's to my 515E running 7.01. I am trying to get an answer from TAC now. I will post this when I get it figured out.
04-26-2005 09:09 PM
That's nice. Thanks!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide