Site-To-Site VPN between 7.1 (1) and 6.3 (5)

Unanswered Question
Sep 17th, 2007
User Badges:

Can someone please look at my config and tell me what's wrong with it because i can't figure it.

I have been trying to create a site to site vpn without any luck. However, i have been successfully created a vpn for my clients.

Thanks in advance!!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Mon, 09/17/2007 - 23:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


I can't see any Phase 1 isakmp settings in your pix 6.3 config, ie you need

1) isakmp policy

2) isakmp key

3) isakmp enable



mfreijser Tue, 09/18/2007 - 01:14
User Badges:
  • Bronze, 100 points or more

As said above, you are completely missing ISAKMP configuration. Try adding the following commands to your Pix with software version 6.3(5):

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp key **** address netmask

Notice that you should replace the **** with the same pre-shared key you configured on the PIX/ASA with software version 7.1(1)

Please rate the post if it's usefull to you!




This Discussion