PIX VPN newbieLocked
Hello. I’m having trouble setting up a site-site vpn connection using a PIX 506E and I wonder if anyone can point if I’m missing something obvious.
It appears that my PIX is not even attempting to put any traffic down my vpn tunnel as I dont see anything happening when using “debug crypto isakmp” (except for a repeat attempt by another site to connect inbound which is not configured for yet – this wouldn’t block creating a new outbound connection to another site would it?)
Config is pasted below with the addresses modified and crap removed. It would be great if anyone could suggest reasons why it’s not trying to bring up the tunnel.
I’m trying get from 192.168.1.0 to 192.168.2.0, have been trying pings from the PIX itself.
The pix is not in use for anything else yet.
Thanks in advance for any suggestions!
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
name 192.168.2.0 OtherNet
access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 OtherNet 255.255.255.0
access-list outside_cryptomap_20 permit icmp 192.168.1.0 255.255.255.0 OtherNet 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 OtherNet 255.255.255.0
ip address outside 10.10.10.10 255.255.255.224
ip address inside 192.168.1.100 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
nat (inside) 0 access-list inside_outbound_nat0_acl
route outside OtherNet 255.255.255.0 10.10.10.11 1
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 126.96.36.199
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 188.8.131.52 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400