08-13-2007 01:16 PM - edited 02-21-2020 01:38 AM
Help required
I have set up a small home network to practice configuring
a site-to-site VPN on two PIX firewalls using certificates
for authentication. The PIXes I am using are a 515 running ios
7.0(5) and a 501 running ios 6.3(5). Getting the certificates
onto the firewalls was no problem, but I am not sure about
the rest of the configuration. There must be a problem there
somewhere, as I have tried pinging 192.168.3.2 from 192.168.1.2
and vice versa but am unable to establish a tunnel.
I have included the firewall configs and the network layout
as attachments and would appreciate it if someone could take
a look and see if I have done anything wrong.
The only thing I tried was to change isakmp identity hostname
to isakmp identity address, but this made no difference.
Regards
Melvyn Brown
08-14-2007 01:08 PM
Melvyn-
Is that the entire config for the 515? I didn't go over it with a fine-tooth comb, but there is no Global statement on it.
HTH,
Paul
08-14-2007 01:19 PM
Hi
Thanks for taking the trouble to look at this.
Yes, that is the entire config for the 515.
What global statement is missing?
Regards
Melvyn
08-14-2007 01:24 PM
Melvyn-
I've never tried using a PIX solely for a VPN tunnel, but I assume this still applies. You need:
global (outside) 1 interface
which you do have on the 501.
Paul