Showing results for 
Search instead for 
Did you mean: 

Core issue

Intermediate device is blocking IPSec traffic between the client and the PIX.


Perform the following steps.

  1. Issue the show crypto ipsec sa command.
  2. Identify your connection entry.
  3. Check the encrypt and decrypt counters.

If you see no decrypts, there could be a firewall and or packet filter device blocking protocols 50 (ESP) or 51 (AH) between the client and the outside PIX interface.

If you see decrypts and no encrypts, there could be a routing issue on the PIX. Verify that there is a default route set on the PIX, and check the routing table on the PIX. If the problem persists, open a service request at the TAC Service Request Tool.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links