Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1033
Views
0
Helpful
2
Replies

PIX to PIX VPN

deastman
Level 1
Level 1

‎12-29-2000 10:15 AM - edited ‎02-21-2020 11:15 AM

I am setting up a pix to pix vpn and keep getting the error message "IPSEC(ipsec_encap): crypto map check deny" any time I try to pass a packet across the VPN. I believe the VPN is up but I am 100% sure how to verify this. What is causing this error message???

Thanks,

~Dennis~

dennis.eastman@netplex-south.com

Labels:
0 Helpful
2 Replies 2

sdarwin
Level 1
Level 1

‎01-03-2001 11:40 AM

How to verify that the VPN is up: ping across the VPN from the first LAN to the second LAN. A successful ping will usually mean it is working, but since you are getting this error message I believe it will fail.

Are the access lists mirror images of each other, on each side of the VPN? Did you apply the map to the interface after modifying it? The command to do this looks like "crypto map map1 interface outside." This clears the SA's and re-initializes the database. You must do this command every time you create or modify a crypto map.

Check the status of the VPN SA's by typing "show crypto ipsec sa" and "sho crypto isakmp sa" into the PIX. There will be SA's at the isakmp and the ipsec levels.

Ping across the VPN again, and check the SA's. Did this work?

Thanks,

Sam

0 Helpful

ozan.ocal
Level 1
Level 1

‎01-05-2001 08:25 AM

Just check your ACL to make sure that they are matching the interesting traffic (i.e the ip packets that you want to encrypt)

0 Helpful
Customers Also Viewed These Support Documents