PIX to PIX IPsec tunnel


I have a PIX to PIX IPsec tunnel that existed before. Now that I have modified both PIX (remote and local) ACLs, I cannot establish IKE Phase 2. I have established IKE Phase 1 and see the networks local & remote along with their peers.

When I do a "sh crypto isa sa" I get the following:

    Total     : 0
    Embryonic : 0
        dst     src     state     pending     created


Any suggestions? I also already ran

    ca zeroize all
    ca generate rsa key 512
    ca save all

then reloaded the PIX, and it is still the same thing. Can anyone help me?

murray-davis Mon, 09/24/2007 - 07:51

If you modified ACLs, remember that they must mirror each other at the ends of the tunnel: on one end and on the other end. I would also suggest that you look at your NONAT rules. If you modified your ACLs, you also have to update your NONAT rules.
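
The two checks suggested in the reply above can be scripted against saved configs from both firewalls. The following is an added example, not part of the original thread: the addresses, ACL names and crypto map name are constructed, and it assumes PIX-style `access-list ... permit ip`, `nat (if) 0 access-list` and `crypto map ... match address` lines, comparing NONAT entries by exact match only.

```python
import re

# Constructed sample configs: addresses, ACL names and map names are made up.
LOCAL_CFG = """\
access-list vpn permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list vpn permit ip 10.1.5.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map tunnel 10 match address vpn
"""
REMOTE_CFG = """\
access-list vpn permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list nonat permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map tunnel 10 match address vpn
"""

def _endpoint(tok):
    """Consume one address spec ('any', 'host IP' or 'NET MASK') from a token list."""
    if tok[0] == "any":
        return ("0.0.0.0", "0.0.0.0"), tok[1:]
    ip, mask = (tok[1], "255.255.255.255") if tok[0] == "host" else (tok[0], tok[1])
    return (ip, mask), tok[2:]

def acl_entries(cfg, name):
    """Return the set of (src, dst) pairs permitted by 'access-list NAME permit ip ...'."""
    entries = set()
    for line in cfg.splitlines():
        tok = line.split()
        if tok[:4] == ["access-list", name, "permit", "ip"]:
            src, rest = _endpoint(tok[4:])
            entries.add((src, _endpoint(rest)[0]))
    return entries

def bound_acl(cfg, pattern):  # ACL name referenced by the first line matching pattern
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def check_tunnel(local_cfg, remote_cfg):
    """List (problem, side, src, dst): NONAT gaps (exact match only) and unmirrored entries."""
    problems, crypto = [], {}
    for side, cfg in (("local", local_cfg), ("remote", remote_cfg)):
        crypto[side] = acl_entries(cfg, bound_acl(cfg, r"^crypto map \S+ \d+ match address (\S+)"))
        nonat = acl_entries(cfg, bound_acl(cfg, r"^nat \(\S+\) 0 access-list (\S+)"))
        problems += [("nonat-missing", side, s, d) for s, d in sorted(crypto[side] - nonat)]
    for side, other in (("local", "remote"), ("remote", "local")):
        reversed_other = {(d, s) for s, d in crypto[other]}
        problems += [("not-mirrored", side, s, d) for s, d in sorted(crypto[side] - reversed_other)]
    return problems
```

On the constructed sample, `check_tunnel(LOCAL_CFG, REMOTE_CFG)` flags the local `10.1.5.0` entry twice: it has no NONAT entry and no reversed entry on the remote end.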

