pix 501 to pix 515 problem

Unanswered Question
Aug 13th, 2007

Help required

I have set up a small home network to practice configuring

a site to site vpn on two pix firewalls using certificates

for authentication, the pix's I am using are a 515 running ios

7.0(5) and a 501 running ios 6.3(5).getting the certificates

onto the firewalls was no problem but I am not sure about

the rest of the configuration there must be a problem there

somewhere as I have tried pinging 192.168.3.2 from 192.168.1.2

and vice versa but am unable to establish a tunnel.

I have included the firewall configs and the network layout

as attachments and would appreciate it if someone could take

a look and see if I have done anything wrong.

the only thing I tried was to change was isakmp identity hostname

to isakmp identity address but this made no difference.

regards

Melvyn brown

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pstebner1 Tue, 08/14/2007 - 13:08

Melvyn-

Is that the entire config for the 515? I didn't go over it with a fine-tooth comb, but there is no Global statement on it.

HTH,

Paul

melvynbrown Tue, 08/14/2007 - 13:19

hi

thanks for taking the trouble to look at this

yes that is the entire config for the 515

what global statement is missing

Regards

Melvyn

pstebner1 Tue, 08/14/2007 - 13:24

Melvyn-

I've never tried using a PIX solely for a VPN tunnel, but I assume this still applies. You need:

global (outside) 1 interface

which you do have on the 501.

Paul

Actions

This Discussion