pix 501 to pix 515 problem

Unanswered Question
Aug 13th, 2007
User Badges:

Help required


I have set up a small home network to practice configuring

a site to site vpn on two pix firewalls using certificates

for authentication, the pix's I am using are a 515 running ios

7.0(5) and a 501 running ios 6.3(5).getting the certificates

onto the firewalls was no problem but I am not sure about

the rest of the configuration there must be a problem there

somewhere as I have tried pinging 192.168.3.2 from 192.168.1.2

and vice versa but am unable to establish a tunnel.


I have included the firewall configs and the network layout

as attachments and would appreciate it if someone could take

a look and see if I have done anything wrong.


the only thing I tried was to change was isakmp identity hostname

to isakmp identity address but this made no difference.


regards


Melvyn brown








  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pstebner1 Tue, 08/14/2007 - 13:08
User Badges:

Melvyn-

Is that the entire config for the 515? I didn't go over it with a fine-tooth comb, but there is no Global statement on it.


HTH,

Paul

melvynbrown Tue, 08/14/2007 - 13:19
User Badges:

hi


thanks for taking the trouble to look at this


yes that is the entire config for the 515

what global statement is missing


Regards


Melvyn

pstebner1 Tue, 08/14/2007 - 13:24
User Badges:

Melvyn-

I've never tried using a PIX solely for a VPN tunnel, but I assume this still applies. You need:


global (outside) 1 interface


which you do have on the 501.


Paul

Actions

This Discussion