We have a VPN tunnel between a PIX 501 ver 6.3 and a PIX 515 ver 6.3 that works well.
I am now trying to move the tunnel from the PIX 515 to another PIX 515 ver 7.0, but with no luck.
I get the following messages in the log:
713993: ip=x.x.x.x, header invalid, missing SA payload! (next payload = 4)
713993: Group = x.x.x.x, IP = x.x.x.x, Can't find a valid tunnel group, aborting
713902: Group = x.x.x.x, IP = x.x.x.x, Removing peer from peer table failed, no match!
713903: Group = x.x.x.x, IP = x.x.x.x, Error: Unable to remove PeerTblEntry
Any idea on what I did wrong?
On PIX OS 7.0, Cisco has introduced the Tunnel-Group concept. You won't use an "isakmp" command to configure your peer and pre-shared key; instead, you will use the following commands:
(config)#tunnel-group x.x.x.x type ipsec-l2l (x.x.x.x is your peer address and l2l refers to LAN-to-LAN)
(config)#tunnel-group x.x.x.x ipsec-attributes
The rest of the commands (i.e. ISAKMP, crypto map, crypto transform sets and crypto ACLs) remain the same.
Hope this helps.
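
A migration check for the point made in the answer, added here as an example (it is not part of either post): it scans a PIX 7.0 configuration for crypto map peers that have no matching `tunnel-group <peer> type ipsec-l2l` entry or no key under `ipsec-attributes`. The sample configuration, its addresses and names, and the function name `audit_l2l_peers` are constructed, and it assumes pre-shared-key authentication with the key set by the `pre-shared-key` sub-command.

```python
import re

# Constructed sample PIX 7.0 configuration (not from the original post).
# 192.0.2.10 has a complete tunnel-group; 198.51.100.7 was carried over from
# 6.3 with only its crypto map entry, so no tunnel-group exists for it.
SAMPLE_CONFIG = """\
crypto map outside_map 10 match address vpn_a
crypto map outside_map 10 set peer 192.0.2.10
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address vpn_b
crypto map outside_map 20 set peer 198.51.100.7
crypto map outside_map 20 set transform-set ESP-3DES-SHA
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key *
"""

PEER_RE = re.compile(r"^crypto map \S+ \d+ set peer (.+)$")
TYPE_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$")
ATTR_RE = re.compile(r"^tunnel-group (\S+) ipsec-attributes$")


def audit_l2l_peers(config):
    """Return {peer: [problems]} for crypto map peers lacking tunnel-group config."""
    peers, typed, keyed = {}, set(), set()
    current = None  # tunnel-group whose ipsec-attributes sub-mode we are in
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            current = None  # any top-level line ends the sub-mode
        if m := PEER_RE.match(line):
            peers.update(dict.fromkeys(m.group(1).split()))  # keeps order
        elif m := TYPE_RE.match(line):
            typed.add(m.group(1))
        elif m := ATTR_RE.match(line):
            current = m.group(1)
        elif current and line.strip().startswith("pre-shared-key "):
            keyed.add(current)
    findings = {}
    for peer in peers:
        problems = []
        if peer not in typed:
            problems.append("no 'tunnel-group <peer> type ipsec-l2l'")
        if peer not in keyed:
            problems.append("no pre-shared-key under ipsec-attributes")
        if problems:
            findings[peer] = problems
    return findings
```

Calling `audit_l2l_peers(SAMPLE_CONFIG)` reports only 198.51.100.7, with both problems listed.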