I have a PIX501 at a remote site (213.x.x.186).
I had to install a Linksys VPN router at another remote site and VPN between the two.
I configured the Linksys in my office on a static IP (84.x.x.14) and remotely configured the PIX, i got these working fine.
I have since installed the Linksys at the other remote site and changed the static IP (213.x.x.235).
On the PIX i reconfigured:
crypto map transam 1 set peer 213.x.x.235
isakmp key ******** address 213.x.x.235 netmask 255.255.255.255 no-xauth no-config-mode.
On the pix "show crypto ipsec sa" shows:
Crypto map tag: transam, local addr. 213.x.x.186
local ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
#pkts encaps: 88, #pkts encrypt: 88, #pkts digest 88
#pkts decaps: 83, #pkts decrypt: 83, #pkts verify 83
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 213.x.x.186, remote crypto endpt.: 84.x.x.14
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
This output shows the connection to my office still, and the Linksys connected in the remote site will not re-establish a connection.
show crypto isakmp sa shows:
Total : 1
Embryonic : 0
dst src state pending created
213.x.x.186 213.x.x.235 QM_IDLE 0 0
I've tried clearing this entry with "clear crypto ipsec sa peer" and it will not disappear and reestablish with the new configuration.
Can anyone throw me some suggestions?