Site-To-Site VPN between 7.1 (1) and 6.3 (5)

Unanswered Question
Sep 17th, 2007
User Badges:

Can someone please look at my config and tell me what's wrong with it because i can't figure it.


I have been trying to create a site to site vpn without any luck. However, i have been successfully created a vpn for my clients.


Thanks in advance!!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 09/17/2007 - 23:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


I can't see any Phase 1 isakmp settings in your pix 6.3 config, ie you need


1) isakmp policy

2) isakmp key

3) isakmp enable


HTH


Jon

mfreijser Tue, 09/18/2007 - 01:14
User Badges:
  • Bronze, 100 points or more

As said above, you are completely missing ISAKMP configuration. Try adding the following commands to your Pix with software version 6.3(5):


isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp key **** address 71.4.148.xxx netmask 255.255.255.255


Notice that you should replace the **** with the same pre-shared key you configured on the PIX/ASA with software version 7.1(1)


Please rate the post if it's usefull to you!


Regards,


Michael

Actions

This Discussion