cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
360
Views
0
Helpful
1
Replies

pix 2 pix vpn reconfig problem (501's)

I have blown away and done a reconfig on two of the three pix's several times now. I am posting pix1 and pix2 config's. I can't see what the problem is. It looks textbook to me. If you see it, please let me know.

tia

b

1 Reply 1

jmia
Level 7
Level 7

Can you provide debug information, first clear cry ipsec sa and also cry isakmp sa, then post the output of debug cry ipsec and debug cry isakmp:

Explanation of clear and debug commands:

clear crypto ipsec sa – Resets the IPSec associations after failed attempts to negotiate a VPN tunnel.

clear crypto isakmp sa – Resets the ISAKMP security associations after failed attempts to negotiate a VPN tunnel.

debug crypto ipsec – Shows if a client is negotiating the IPSec portion of the VPN connection.

debug crypto isakmp – Shows if the peers are negotiating the ISAKMP portion of the VPN connection.

I notice from your posted configuration that you have on pix 1 peer address 777.777.777.58 and on pix 2 peer address 777.777.777.58, is this a typo?

Also for reference take a look at this URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

Jay