09-20-2007 10:49 PM - edited 02-21-2020 03:17 PM
Dear all,
I am a newbie to PIX.
I have a problem with the VPN formed by a PIX501 and a PIX506E.
I have attached the config of the two PIX, but after I entered the config on the PIX, no VPN was formed. Does anyone know what's wrong with my settings?
Thank you very much.
09-20-2007 11:58 PM
Do you use NAT in your configuration? Because I don't see any No-NAT configuration in your script for the VPN Tunnel.
Could you post the outputs from a 'show run' command from both Pix Firewalls?
Regards,
Michael
09-21-2007 12:08 AM
09-21-2007 12:15 AM
The NAT configuration should look like this:
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.xxx.xxx 255.255.255.0
Did you check if the Firewalls can reach each other?
Regards,
Michael
09-21-2007 09:07 PM
I am now getting an error message like
- ISAKMP malformed payload received (local 202.155.xxx.xxx (responder), remote 116.48.xxx.xxx)
Do you know what's wrong this time?
Thank you very much
09-22-2007 09:50 PM
Hi,
Looks like the problem is with your crypto map peer x.x.x.x address. Make sure that both the crypto end points are configured for the correct peer address.
If you have configured the correct crypto address and are still seeing the problem, do a "clear cry isa sa" and "clear cry ipsec sa" and then try to bring up the tunnel.
I hope it helps.
Regards,
Arul
09-23-2007 05:00 PM
Thanks, Arul.
But the VPN still cannot form and the error message still appears.
Do you have any other ideas?
I have checked that the password is matched at both PIX.
09-24-2007 05:11 AM
Hi,
From the logs that you had posted earlier, the issue was related to a mismatch in crypto peer IP addresses.
Can you post the sanitized version of the configuration and full logs, if possible?
Thanks,
Arul
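Added example, not part of any post in this thread: a Python check of the points the replies raise (a No-NAT statement on each PIX, and crypto map and isakmp key peers that point at the other unit's outside address), run over two constructed configurations. The `ip address outside`, `crypto map ... set peer` and `isakmp key ... address` line forms are assumed PIX 6.x syntax; the map name, ACL name and addresses are placeholders.

```python
import re

# Line forms assumed from PIX 6.x 'show run' output.
PATTERNS = {
    "outside_ip": r"ip address outside (\S+) ",
    "peers":      r"crypto map \S+ \d+ set peer (\S+)",
    "key_peers":  r"isakmp key \S+ address (\S+)",
    "nat0_acl":   r"nat \(inside\) 0 access-list (\S+)",
    "acls":       r"access-list (\S+) ",
}

def parse_pix(cfg):
    """Collect the VPN-relevant values from one configuration text."""
    facts = {name: set() for name in PATTERNS}
    for line in cfg.splitlines():
        for name, pattern in PATTERNS.items():
            m = re.match(pattern, line.strip())
            if m:
                facts[name].add(m.group(1))
    return facts

def check_pair(cfg_a, cfg_b):
    """Compare both ends of the tunnel and return a list of findings."""
    a, b = parse_pix(cfg_a), parse_pix(cfg_b)
    findings = []
    for name, local, remote in (("A", a, b), ("B", b, a)):
        if not local["nat0_acl"]:
            findings.append(f"{name}: no 'nat (inside) 0 access-list' statement")
        elif not local["nat0_acl"] <= local["acls"]:
            findings.append(f"{name}: No-NAT access-list is not defined")
        if not remote["outside_ip"] <= local["peers"]:
            findings.append(f"{name}: crypto map peer is not the other PIX's outside address")
        if not remote["outside_ip"] <= local["key_peers"]:
            findings.append(f"{name}: no isakmp key for the other PIX's outside address")
    return findings

# Constructed sample configs (documentation addresses); PIX_B carries both faults.
PIX_A = """ip address outside 203.0.113.10 255.255.255.0
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map vpnmap 10 set peer 198.51.100.20
isakmp key ******** address 198.51.100.20 netmask 255.255.255.255"""
PIX_B = """ip address outside 198.51.100.20 255.255.255.0
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0
crypto map vpnmap 10 set peer 203.0.113.11
isakmp key ******** address 203.0.113.10 netmask 255.255.255.255"""

print(*check_pair(PIX_A, PIX_B), sep="\n")
```

Because `show run` masks the pre-shared key, the check can only confirm that a key entry exists for the right peer, not that the two keys are equal.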