Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

UNABLE TO CREATE VPN TUNNEL BETWEEN PIX 520 to PIX 520 IOS 6.3(4)

Status
Not open for further replies.
kam72

kam72

IS-IT--Management
Jul 23, 2005
97
AU
We have two cisco PIX 520 16M FLASH IOS 6.3(4) on both and 2 FE interfaces on each firewall. (Identical PIXes)

The first PIX CONFIG is:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
......
access-list 101 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
access-list 102 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
..........
nat (inside) 0 access-list 101
..........
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer AAA.AAA.AAA.AAA
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address AAA.AAA.AAA.AAA netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400

And the second PIX Config is:


nameif ethernet0 outside security0
nameif ethernet1 inside security100
......
access-list 101 permit ip 192.168.AAA.0 255.255.255.0 192.168.XXX.0 255.255.255.0
access-list 102 permit ip 192.168.AAA.0 255.255.255.0 192.168.XXX.0 255.255.255.0
..........
nat (inside) 0 access-list 101
..........
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer XXX.XXX.XXX.XXX
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address XXX.XXX.XXX.XXX netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400


We have turned logging on and debugging for IPSEC and ISAKMP, but threr seems to be no connection attempts between the two PIXes none of the PIXes is trying to initiate a connection to the other PIX.

Please Help!
 
Sort by date Sort by votes
Is this even when you initiate a ping between them?



A firm beleiver of "Keep it Simple" philosophy
Cheers
/T
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
291
sircles
sircles
teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
476
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
358
GlobeTrekkerGal
GlobeTrekkerGal
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
259
Joon Smith
Joon Smith

Part and Inventory Search

Sponsor

Back
Top