PIX 501 VPN Problem

Unanswered Question
Jan 8th, 2008

Hi,

I have two Cisco PIX 501's (PIX1 and PIX2) providing a LAN to LAN IPSec VPN between two sites (SITE1 and SITE2). PIX1 is at SITE1 and PIX2 is at SITE2.

If I ping a device on the LAN at SITE1 from a device on the LAN at SITE2, the VPN tunnel comes up fine. Once the tunnel is up I can also ping a device on the LAN at SITE2 from a device on the LAN at SITE1. However, if the tunnel is down and I ping a device on the LAN at SITE2 from a device on the LAN at SITE1, the VPN tunnel does not come up. I'm sure I've got all routing/static routes setup correctly.

Would appreciate some pointers.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
massimiliano.se... Tue, 01/08/2008 - 07:00

Hi,

When you ping a device in LAN on the site 2 from a device in LAN on the site 1 the VPN tunnel doesn't come up....

Is traffic from LAN (site1) to LAN (site2) "interesting traffic"?

This is a good reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

Check your configuration.

I hope this helps.

Best regards.

Massimiliano.

dredd123 Tue, 01/08/2008 - 08:35

Hi,

I should have mentioned; the PIX's in question are running 6.3 and the private IP networks at each office are different (192.168.1.0/24 at SITE1 and 192.168.9.0/24 at SITE2).

On this basis I'm not sure that the supplied link is specifically relevant? One other thing, I DID use the PDM VPN wizard to configure both PIX's so I would expect this to have put the correct configuration in place? I can post the config's if it would help.

Thanks,

Dave.

massimiliano.se... Tue, 01/08/2008 - 11:00

Hi Dave,

Here is the link for configuring vpn site-to-site with PDM http://www.cisco.com/en/US/docs/security/pix/pix63/quick/guide/63_515qk.html#wp48080

Here is the link with some configuration example of Site-to-Site VPN http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sit2site.html..if you use a pre-shared key in order to establish a tunnel view the section "Establishing a Tunnel Using a Pre-Shared Key "..and then see configuration file on both firewalls.

I hope this helps.

Best regards.

Massimiliano.

angel2610 Thu, 01/10/2008 - 05:20

i have a doubt because i need put two pix in my network, one for the traffic control and another for the vpn (ipsec), so my problem is that i have the same configuration and both pixs and i want to put the ipsec as comment or disable in one pix, because when the other pix fail or is down, i could put up the other ipsec and all to be working good, so my question is how i can put the ipsec in desable and if i have problems with the other pix, i can put enable this ipsec or what is the best idea for this situation

i have two pixs 501, i hope that you can help me,

thanks

Actions

This Discussion