Hi, I am trying to create a VPN connection between two PIX firewalls, a 501 and a 506e.
Currently on the 506e the PDM shows 1 IKE tunnel in stats, but then it flashes back to zero. Both PIX hosts can access the web and ping each other's gateways.
I have posted the 506e config, but the 501 config is the same.
Outside IP for PIX 506e = a.a.a.a
Outside IP for PIX 501 = b.b.b.b
ISP gateway IP for 506e = x.x.x.x
You want the crypto ACLs to be mirrors of each other.
access-list outside_cryptomap_20 permit ip 10.35.104.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 10.35.104.0 255.255.255.0
Without seeing the configuration from the other side (PIX 501) this is going to be hard to troubleshoot. You will need to be sure at what stage this is failing: phase 1 or phase 2.
Please note IPSec negotiation between the two PIXs fails if the SAs on both of the IKE phases do not match on the peers.
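
The mirror-ACL advice above, as an added example that is not part of the original thread: a Python check that every crypto ACL entry on one peer has an entry with source and destination swapped on the other. The config snippets are constructed, and which subnet sits behind which PIX is an assumption.

```python
import ipaddress
import re

# Matches crypto ACL entries of the form quoted in the thread:
# access-list NAME permit ip SRC SRC_MASK DST DST_MASK
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)

# Constructed sample configs. Assumption: 10.35.104.0/24 is behind the 506e
# and 192.168.1.0/24 is behind the 501; the thread does not say which is which.
PIX506E = "access-list outside_cryptomap_20 permit ip 10.35.104.0 255.255.255.0 192.168.1.0 255.255.255.0"
PIX501_MIRRORED = "access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 10.35.104.0 255.255.255.0"
PIX501_COPIED = PIX506E  # the ACL copied unchanged from the other peer


def parse_crypto_acl(config, acl_name):
    """Return the set of (source, destination) networks in one named ACL."""
    pairs = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs


def mirror_mismatches(local, remote):
    """List entries on either peer with no swapped counterpart on the other."""
    problems = []
    for src, dst in sorted(local):
        if (dst, src) not in remote:
            problems.append(f"local {src} -> {dst} has no mirror on remote")
    for src, dst in sorted(remote):
        if (dst, src) not in local:
            problems.append(f"remote {src} -> {dst} has no mirror on local")
    return problems


if __name__ == "__main__":
    local = parse_crypto_acl(PIX506E, "outside_cryptomap_20")
    for label, cfg in (("mirrored", PIX501_MIRRORED), ("copied", PIX501_COPIED)):
        remote = parse_crypto_acl(cfg, "outside_cryptomap_20")
        print(label, mirror_mismatches(local, remote) or "OK")
```

An empty result only shows that the interesting-traffic definitions agree; the IKE and IPSec proposals on both peers still have to match as well.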