cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
333
Views
0
Helpful
3
Replies

pix 501 to pix 515 problem

melvynbrown
Level 1
Level 1

Help required

I have set up a small home network to practice configuring

a site to site vpn on two pix firewalls using certificates

for authentication, the pix's I am using are a 515 running ios

7.0(5) and a 501 running ios 6.3(5).getting the certificates

onto the firewalls was no problem but I am not sure about

the rest of the configuration there must be a problem there

somewhere as I have tried pinging 192.168.3.2 from 192.168.1.2

and vice versa but am unable to establish a tunnel.

I have included the firewall configs and the network layout

as attachments and would appreciate it if someone could take

a look and see if I have done anything wrong.

the only thing I tried was to change was isakmp identity hostname

to isakmp identity address but this made no difference.

regards

Melvyn brown

3 Replies 3

pstebner1
Level 1
Level 1

Melvyn-

Is that the entire config for the 515? I didn't go over it with a fine-tooth comb, but there is no Global statement on it.

HTH,

Paul

hi

thanks for taking the trouble to look at this

yes that is the entire config for the 515

what global statement is missing

Regards

Melvyn

Melvyn-

I've never tried using a PIX solely for a VPN tunnel, but I assume this still applies. You need:

global (outside) 1 interface

which you do have on the 501.

Paul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: