Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
0
Helpful
1
Replies

VPN initiated from one side only

alghanim
Level 1
Level 1

‎10-23-2002 07:25 AM - edited ‎02-21-2020 12:08 PM

i have site-site VPN setting. PIX to Cisco ios.

i can only initiate the VPN sesion from Cisco ios. but not from the PIX.

what could be wrong

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎10-23-2002 10:02 PM

Difficult to say without debugs, but it's generally a timer issue. You need to make sure the Phase 1 timer is the same on both sides. The router defaults to 86400 seconds (24 hours), whereas the PIX defaults to 28800 seconds (8 hours).

Try doing either this on the router:

> cry isakmp policy xx

lifetime 28800

or this on the PIX:

> cry ipsec security-assoc lifetime seconds 86400

Othern than that make sure your crypto ACL's are the exact opposite of each other.

0 Helpful
Customers Also Viewed These Support Documents