10-31-2007 11:15 PM - edited 02-21-2020 03:21 PM
Hi All,
I am trying to create a VPN tunnel between a PIX and a Cisco 877W but cant seem to get the tunnel up. When I do a 'sho crypto session' on the Cisco 877, I get it said status of session was down, then changed to DOWN-NEGOTIATING, but it is now DOWN again...Please find attached configs for both ends...Are there any commands to confirm that the tunnel is up other than trying to ping the remote end? I would greatly appreciate any help to get this tunnel up.
Regards,
Raj
Solved! Go to Solution.
11-02-2007 09:20 AM
Hi,
Based on the attached configurations, there needs to be couple of changes made. For example:
1. The isakmp policies do not match on the router and pix. Make sure that the Hash, DH Group and Lifetime match on the 877 and pix.
2. The access-list for the ipsec traffic has to be mirror images of each other.
3. Make sure that the ipsec lifetime matches on both the peers.
I hope it helps.
Regards,
Arul
Rate if it helps.
11-02-2007 09:20 AM
Hi,
Based on the attached configurations, there needs to be couple of changes made. For example:
1. The isakmp policies do not match on the router and pix. Make sure that the Hash, DH Group and Lifetime match on the 877 and pix.
2. The access-list for the ipsec traffic has to be mirror images of each other.
3. Make sure that the ipsec lifetime matches on both the peers.
I hope it helps.
Regards,
Arul
Rate if it helps.
11-06-2007 07:16 PM
Hi Arul,
I changed the ACL's and its seems to have fixed the problem. Thanks Heaps for your help.
Regards,
Raj
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide