IPSec VPN between PIX and Cisco 877W

Answered Question
Oct 31st, 2007

Hi All,


I am trying to create a VPN tunnel between a PIX and a Cisco 877W but can't seem to get the tunnel up. When I do a 'sho crypto session' on the Cisco 877, it said the status of the session was down, then changed to DOWN-NEGOTIATING, but it is now DOWN again. Please find attached configs for both ends. Are there any commands to confirm that the tunnel is up other than trying to ping the remote end? I would greatly appreciate any help to get this tunnel up.

Regards,

Raj




Correct Answer
ajagadee Fri, 11/02/2007 - 09:20
User Badges: Cisco Employee

Hi,


Based on the attached configurations, there need to be a couple of changes made. For example:

1. The ISAKMP policies do not match on the router and PIX. Make sure that the Hash, DH Group and Lifetime match on the 877 and PIX.

2. The access-lists for the IPsec traffic have to be mirror images of each other.

3. Make sure that the IPsec lifetime matches on both the peers.


I hope it helps.


Regards,

Arul


Rate if it helps.
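
Point 2 of the answer, as an added example that is not part of the original thread or the attached configs: a Python check that two crypto ACLs are mirror images, allowing for the fact that IOS writes wildcard masks while the PIX writes subnet masks. The ACL lines and addresses are constructed, the function names are hypothetical, and only `permit ip <net> <mask> <net> <mask>` entries are parsed.

```python
import ipaddress
import re

# Constructed sample crypto ACLs (assumed values, not the configs attached to the thread).
IOS_ACL = "access-list 101 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255\n"
PIX_ACL = "access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0\n"
PIX_ACL_WRONG = "access-list 101 permit ip 10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0\n"

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
ACE = re.compile(r"^access-list\s+\S+\s+(?:extended\s+)?permit\s+ip\s+"
                 + r"\s+".join([QUAD] * 4) + r"\s*$")


def _net(addr, mask, wildcard):
    """Build a network object; IOS wildcard masks are inverted into netmasks first."""
    if wildcard:
        mask = str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(mask))))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_crypto_acl(text, wildcard_masks):
    """Return the set of (source, destination) networks the ACL permits.

    wildcard_masks=True for IOS (0.0.0.255), False for PIX (255.255.255.0).
    Lines using 'host', 'any' or named-ACL syntax are skipped.
    """
    pairs = set()
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if m:
            src, smask, dst, dmask = m.groups()
            pairs.add((_net(src, smask, wildcard_masks), _net(dst, dmask, wildcard_masks)))
    return pairs


def mirror_mismatches(ios_text, pix_text):
    """Entries on either peer with no swapped source/destination twin on the other."""
    ios = parse_crypto_acl(ios_text, wildcard_masks=True)
    pix = parse_crypto_acl(pix_text, wildcard_masks=False)
    mirrored_pix = {(d, s) for s, d in pix}
    return {"router_only": ios - mirrored_pix,
            "pix_only": {(d, s) for s, d in mirrored_pix - ios}}


if __name__ == "__main__":
    print(mirror_mismatches(IOS_ACL, PIX_ACL))        # both sets empty: ACLs mirror
    print(mirror_mismatches(IOS_ACL, PIX_ACL_WRONG))  # /16 vs /24 reported on each side
```

Any entry reported under `router_only` or `pix_only` is a proxy identity the other peer will not agree to.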



pvzcisco07 Tue, 11/06/2007 - 19:16

Hi Arul,


I changed the ACLs and it seems to have fixed the problem. Thanks heaps for your help.


Regards,

Raj
