Site to Site VPN between Pix506E 6.3 and ASA5540 8.4.2

dfaber · ‎10-18-2011

Hello,

I have a few questions:

1- I would like to know if anyone as ever configured a Site to Site VPN between a pix506E running code 6.3 and a ASA5540 running code 8.4.2?

2- Should I expect any issues with the tunnel or ACL compatibility wise?

3- I had some issues between a ASA5505 running 8.4.2 and a Pix515E running 8.0.4 the tunnel would not go up. Anyone else had this issue?

All comments are appreciated.

Thank you.

Daniel

Jennifer Halim · ‎10-18-2011

1 - I haven't personally test between version 6.3 and 8.4.2, but i don't think there would be any issue as long as you are using IKE version 1 on your ASA 8.4.2 code.

2 - No, I wouldn't expect any issues with tunnel/ACL.

3 - Which phase is it breaking? Phase 1 or Phase 2? Can you share the debugs?

dfaber · ‎10-19-2011

Unfortunatly I had to revert to on older IOS in order to get it to work and the unit is now in production. But the message I was getting on the ASA with 8.4.2 image was: queuing key-acquire messages to be processed when p1 sa is complete.

I will try to build the tunnel between the 6.3 and 8.4.2 tomorrow. If I encounter any issues I will let you know.

Thank you.

Daniel