Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
0
Helpful
1
Replies

PIX VPN Issue

mklaphek
Level 1
Level 1

‎02-28-2005 10:42 PM - edited ‎02-21-2020 01:38 PM

Hi. I have a PIX 515 that has several working VPN Connections to it. We are trying to get a SonicWall to connect but we are having problems. However, I don't think that the problem has anything to do withthe SonicWall itself -- I don't think we're getting that far.

We don't get this error on any other VPN connections, but on this one we get the following error when trying to transmit "interesting" traffic:

IPSEC(sa_initiate): ACL = deny; no sa created

We have nat (inside) 0 0 0 so we shouldn't need to add any additional statements -- correct? I cannot find any error, and the fact that this PIX works with so many other connections makes me wonder where the problem is.

The SonicWall reports Phase I failure. Has anyone seen this before?

Any help is apreciated.

Thanks!

Mike

Labels:
0 Helpful
1 Reply 1

umedryk
Level 5
Level 5

‎03-04-2005 05:31 AM

One workaround is to reboot the pix.

While a new crypto map instance is being added to the PIX Firewall, all clear and SSH traffic to the firewall interface stops because the crypto peer/ACL pair has not yet been defined. To workaround this, use PIX Device Manager (PDM) to add the new crypto map instance or, through the PIX Firewall CLI, remove the crypto map interface command from your configuration, add the new crypto map instance and fully configure the crypto peer/ACL pair, and then reapply the crypto map interface command back to the interface. In some conditions the CLI workaround is not acceptable as it temporarily stops VPN traffic also.

0 Helpful
Customers Also Viewed These Support Documents