12-09-2009 08:25 AM - edited 02-21-2020 04:25 PM
Hello,
I have a remote site that has a broadband cable internet connection and is using a PIX 501. We wanted to connect them with our main office with our VPN 3000 Concentrator using site-to-site VPN.
I've followed the following documentation:
However the L2L session does not show up on the Concentrator when I check the active sessions.
Attached is the network diagram, along with the PIX config and screenshots of the VPN config for the IPSec L2L tunnel.
Any assistance or guidance is appreciated.
12-09-2009 06:27 PM
I just noticed that on the PIX firewall, the phase 1 parameters are not configured. You need to configure the same phase 1 and phase 2 parameters on both ends of the tunnel.
For example, on the CVPN 3000, you have configured Phase 1 parameters as 3DES, preshared key, etc., so we need to configure the same on the PIX firewall too.
Here's an example of sample config
Hope this helps!
12-09-2009 09:22 AM
On the CVPN 3000, you have entered 172.16.128.0 with wildcard Mask 0.0.3.255 as the Local Network and 172.16.68.0 with wildcard mask as 0.0.3.255 as the Remote Network, however, on PIX you have defined only one Access-list - 101 and the Local and Remote network is the same 172.16.68.0 255.255.252.0.
Correct the crypto access-list and make them as a mirror image of each other on both the devices.
Also, configure a separate access-list for NAT 0 on the PIX firewall. Don't use the same access-list as that of the crypto access-list.
After this, clear the tunnel and then initiate the tunnel again. Hopefully, this should solve your problem.
Regards,
Anshul
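The mirror-image check described in the reply above, as an added example that is not part of the original post: it converts the Concentrator's wildcard-mask networks and a PIX `access-list` line to a common form and reports mismatches. The ACL lines are constructed from the values quoted in the reply, and the function names are hypothetical.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    """Concentrator style: address plus wildcard (inverse) mask."""
    inverse = int(ipaddress.IPv4Address(wildcard))
    netmask = ipaddress.IPv4Address(inverse ^ 0xFFFFFFFF)
    # Raises ValueError for a non-contiguous mask or host bits set.
    return ipaddress.IPv4Network(f"{addr}/{netmask}", strict=True)

def parse_pix_acl(line):
    """Parse 'access-list <id> permit ip <src> <mask> <dst> <mask>'."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    src = ipaddress.IPv4Network(f"{tok[4]}/{tok[5]}", strict=True)
    dst = ipaddress.IPv4Network(f"{tok[6]}/{tok[7]}", strict=True)
    return src, dst

def check_mirror(conc_local, conc_remote, pix_acl_line):
    """Return a list of problems; an empty list means the ACLs mirror each other."""
    src, dst = parse_pix_acl(pix_acl_line)
    problems = []
    if src == dst:
        problems.append(f"PIX source and destination are both {src}")
    if src != conc_remote:
        problems.append(f"PIX source {src} != Concentrator Remote Network {conc_remote}")
    if dst != conc_local:
        problems.append(f"PIX destination {dst} != Concentrator Local Network {conc_local}")
    return problems

# Values quoted in the reply (Concentrator side uses wildcard masks).
CONC_LOCAL = wildcard_to_network("172.16.128.0", "0.0.3.255")
CONC_REMOTE = wildcard_to_network("172.16.68.0", "0.0.3.255")

# Constructed ACL lines: the first reflects the config as the reply describes
# it, the second is the mirror image of the Concentrator's definition.
PIX_AS_DESCRIBED = "access-list 101 permit ip 172.16.68.0 255.255.252.0 172.16.68.0 255.255.252.0"
PIX_MIRRORED = "access-list 101 permit ip 172.16.68.0 255.255.252.0 172.16.128.0 255.255.252.0"

if __name__ == "__main__":
    for label, acl in (("as described", PIX_AS_DESCRIBED), ("mirrored", PIX_MIRRORED)):
        issues = check_mirror(CONC_LOCAL, CONC_REMOTE, acl)
        print(label, "->", issues or "OK")
```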
12-09-2009 10:05 AM
12-10-2009 10:37 AM
Well I tore everything out and then rebuilt it and it's now working. Strange.
Thanks for the help! +5