IPSEC tunnel between PIX 6.4 and PIX 7.0

klw
Level 1

I have a working IPsec tunnel between a PIX version 6.4 and a PIX 7.0. The problem is that if the tunnel goes down for any reason, only traffic coming from the PIX ver 7.0 side will bring the tunnel back; no traffic from the PIX ver 6.4 side will bring up the tunnel.

Once the tunnel is up everything works fine.

isakmp nat-traversal is enabled on both sides.

Any ideas would be appreciated.

Thanks

KLW


bwilmoth
Level 5

I think you have not defined interesting traffic from the PIX 6.4. You can issue the write terminal command on the PIX, and find the match address command under the crypto map for the connection. The Access Control List (ACL) that this command refers to specifies the interesting traffic.

Thanks for the response.

I believe the access-list command is defined correctly, otherwise I don't think the tunnel would come up at all. The access-list on the 6.4 side is a mirror of the one on the 7.0 side, which I believe is as it should be.

KLW
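One way to check that the ACLs referenced by `match address` on the two units really are mirrors of each other, as an added example that is not part of the original posts. The two configs are constructed samples with placeholder names and addresses, and the parser only handles `permit ip <net> <mask> <net> <mask>` entries (no `any` or object groups).

```python
import re

# Constructed sample configs (not from the thread); names and addresses are placeholders.
PIX64 = """\
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 192.0.2.2
"""
PIX70 = """\
access-list 101 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 101 extended permit ip 10.2.2.0 255.255.255.0 10.3.3.0 255.255.255.0
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 192.0.2.1
"""

# PIX 7.0 writes the ACL type ("extended") into the line; 6.4 does not.
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+ \S+) (\S+ \S+)\s*$")
MATCH = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)\s*$")

def interesting_traffic(config):
    """Return {(map_name, seq): {(src, dst), ...}} for each crypto map entry."""
    acls, result = {}, {}
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:
        m = ACE.match(line)
        if m:
            acls.setdefault(m.group(1), set()).add((m.group(2), m.group(3)))
    for line in lines:
        m = MATCH.match(line)
        if m:
            result[(m.group(1), int(m.group(2)))] = acls.get(m.group(3), set())
    return result

def mirror_mismatches(local, remote):
    """Return (local entries with no mirror on remote, remote entries with no mirror on local)."""
    loc = set().union(*interesting_traffic(local).values())
    rem = set().union(*interesting_traffic(remote).values())
    swapped = {(dst, src) for src, dst in rem}  # remote entries seen from the local side
    return sorted(loc - swapped), sorted((b, a) for a, b in swapped - loc)

if __name__ == "__main__":
    print(mirror_mismatches(PIX64, PIX70))
```

In practice the inputs would be the `write terminal` output from each PIX, saved to a file and read in as a string.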
