Pix to PIX Ipsec tunnel

I have a pix to pix ipsec tunnel that existed before. Now that I have modified both PIX (remote and local) ACLs, I can not establish IKE Phase 2. I have established IKE Phase 1 and see the networks local & remote along with their peers.


When I do a "sh crypto isa sa" I get the following


Total : 0

Embryonic : 0

dst src state pending created

PIX#


Any suggestions? I also already ran

ca zeroize all

ca generate rsa key 512

ca save all

reloaded PIX and still same thing. Can anyone help me?

murray-davis Mon, 09/24/2007 - 07:51
If you modified ACLs, remember that they must mirror each other at the ends of the tunnel: 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0 on one end and 192.168.0.0 255.255.0.0 10.1.0.0 255.255.0.0 on the other end. I would also suggest that you look at your NONAT rules. If you modified your ACLs, you also have to update your NONAT rules.

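The two checks suggested in the reply above (crypto ACLs mirrored at both ends, NONAT rules updated to match) can be run offline against saved configs. This is an added example, not part of the original thread; the ACL names `vpn` and `nonat` and both sample configs are constructed assumptions.

```python
import ipaddress

def parse_acl(config, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["access-list", name, "permit", "ip"]:
            continue
        nets, i = [], 4
        try:
            while len(nets) < 2:
                if tok[i] == "any":
                    spec, i = "0.0.0.0/0", i + 1
                elif tok[i] == "host":
                    spec, i = tok[i + 1] + "/32", i + 2
                else:  # "address netmask" form
                    spec, i = f"{tok[i]}/{tok[i + 1]}", i + 2
                nets.append(ipaddress.ip_network(spec, strict=False))
        except (IndexError, ValueError):
            continue  # malformed line: skip rather than guess
        pairs.add(tuple(nets))
    return pairs

def unmirrored(local_pairs, remote_pairs):
    """Entries (in local orientation) present on only one end of the tunnel."""
    flipped = {(dst, src) for src, dst in remote_pairs}
    return sorted(local_pairs ^ flipped, key=str)

def missing_nonat(crypto_pairs, nonat_pairs):
    """Crypto ACL entries that no NAT-exemption entry covers."""
    return sorted((p for p in crypto_pairs
                   if not any(p[0].subnet_of(n[0]) and p[1].subnet_of(n[1])
                              for n in nonat_pairs)), key=str)

# Constructed sample configs; the ACL names "vpn" and "nonat" are assumptions.
LOCAL = """
access-list vpn permit ip 172.16.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.50.0 255.255.255.0
"""
REMOTE = """
access-list vpn permit ip 192.168.60.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list nonat permit ip 192.168.50.0 255.255.255.0 172.16.0.0 255.255.0.0
"""

if __name__ == "__main__":
    print("unmirrored:", unmirrored(parse_acl(LOCAL, "vpn"), parse_acl(REMOTE, "vpn")))
    print("remote nonat gaps:", missing_nonat(parse_acl(REMOTE, "vpn"), parse_acl(REMOTE, "nonat")))
```

In the constructed sample the remote crypto ACL was edited to 192.168.60.0 while the local end and the remote NONAT ACL still reference 192.168.50.0, so both checks report a gap.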