pix 501 to pix 515 problem

Unanswered Question
Aug 13th, 2007
User Badges:

Help required

I have set up a small home network to practice configuring

a site to site vpn on two pix firewalls using certificates

for authentication, the pix's I am using are a 515 running ios

7.0(5) and a 501 running ios 6.3(5).getting the certificates

onto the firewalls was no problem but I am not sure about

the rest of the configuration there must be a problem there

somewhere as I have tried pinging from

and vice versa but am unable to establish a tunnel.

I have included the firewall configs and the network layout

as attachments and would appreciate it if someone could take

a look and see if I have done anything wrong.

the only thing I tried was to change was isakmp identity hostname

to isakmp identity address but this made no difference.


Melvyn brown

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pstebner1 Tue, 08/14/2007 - 13:08
User Badges:


Is that the entire config for the 515? I didn't go over it with a fine-tooth comb, but there is no Global statement on it.



melvynbrown Tue, 08/14/2007 - 13:19
User Badges:


thanks for taking the trouble to look at this

yes that is the entire config for the 515

what global statement is missing



pstebner1 Tue, 08/14/2007 - 13:24
User Badges:


I've never tried using a PIX solely for a VPN tunnel, but I assume this still applies. You need:

global (outside) 1 interface

which you do have on the 501.



This Discussion