• Creator
  • #2224550

    PIX VPN newbie


    by kswallow ·

    Hello. I’m having trouble setting up a site-site vpn connection using a PIX 506E and I wonder if anyone can point if I’m missing something obvious.
    It appears that my PIX is not even attempting to put any traffic down my vpn tunnel as I dont see anything happening when using “debug crypto isakmp” (except for a repeat attempt by another site to connect inbound which is not configured for yet – this wouldn’t block creating a new outbound connection to another site would it?)

    Config is pasted below with the addresses modified and crap removed. It would be great if anyone could suggest reasons why it’s not trying to bring up the tunnel.
    I’m trying get from to, have been trying pings from the PIX itself.
    The pix is not in use for anything else yet.
    Thanks in advance for any suggestions!

    PIX Version 6.3(5)
    interface ethernet0 100full
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    hostname MyPix
    name OtherNet
    access-list outside_cryptomap_20 permit ip OtherNet
    access-list outside_cryptomap_20 permit icmp OtherNet
    access-list inside_outbound_nat0_acl permit ip OtherNet
    ip address outside
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    nat (inside) 0 access-list inside_outbound_nat0_acl
    route outside OtherNet 1
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 20 ipsec-isakmp
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set peer
    crypto map outside_map 20 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address netmask no-xauth no-config-mode
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400

All Answers

  • Author
Viewing 0 reply threads