PIX to PIX VPN trouble

Jan 21st, 2008

I pretty much copied these from a working config. However, I am unable to create a tunnel between these 2 sites.

sh crypto ipsec sa

gives me no activity on either side.

VPN lights are off on both PIXes.

I know I have some excess ACLs that don't do anything at the moment, but I am confused as to why this VPN isn't working.

I have attached the Primary site and Remote site configs.

Any help would be appreciated!

ajagadee Mon, 01/21/2008 - 14:55

What are the source and destination IP addresses that you are initiating traffic between? Also, can you post the outputs of "deb cry is" and "deb cry ipsec" from the PIXes when you try to bring up the tunnel?



esquared1 Thu, 01/24/2008 - 12:44

I could really use some help here. I am at a loss as to what to do next. Thanks!

ajagadee Thu, 01/24/2008 - 13:48

Can you do a show logging and see if logging is enabled on the PIX to capture the debug outputs?

If console logging is disabled, then enable it by:

logging console debugging

logging on

and then see if you are seeing any debugs on the PIX.



srue Fri, 01/25/2008 - 08:02

Please verify your ACLs are correct, both for your cryptomaps and your nat 0 statements on both firewalls.

Make sure preshared keys match, and the peers are correct for both sides.

If you have verified all of these things, then please do the aforementioned debugging.

Are the outside interface IPs being NATed to anything? i.e., is there a NAT device somewhere between the PIXes?
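
The checklist in the reply above (mirrored crypto and nat 0 ACLs, matching peers and pre-shared keys) can be run mechanically over the two configs. This is an added example, not part of the thread: the attached configs are not on this page, so both fragments are constructed, and it assumes PIX 6.x syntax, an interface named `inside`, and one crypto map entry per site.

```python
import re

# Constructed PIX 6.x style fragments; all names, addresses and the key are made up.
SITE_A = """\
ip address outside 192.0.2.1 255.255.255.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 101
crypto map vpn 10 match address 101
crypto map vpn 10 set peer 198.51.100.1
isakmp key EXAMPLE-KEY address 198.51.100.1 netmask 255.255.255.255
"""
SITE_B = """\
ip address outside 198.51.100.1 255.255.255.0
access-list 101 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list 101
crypto map vpn 10 match address 101
crypto map vpn 10 set peer 192.0.2.1
isakmp key EXAMPLE-KEY address 192.0.2.1 netmask 255.255.255.255
"""

def parse(cfg):
    """Extract the tunnel-relevant statements from one config."""
    first = lambda pat: (re.search(pat, cfg, re.M) or [None] * 2)[1]
    acls = {}
    for name, *rule in re.findall(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M):
        acls.setdefault(name, set()).add(tuple(rule))
    return {"outside": first(r"^ip address outside (\S+)"),
            "peer": first(r"^crypto map \S+ \d+ set peer (\S+)"),
            "key": first(r"^isakmp key (\S+) address"),
            "crypto": acls.get(first(r"^crypto map \S+ \d+ match address (\S+)"), set()),
            "nat0": acls.get(first(r"^nat \(inside\) 0 access-list (\S+)"), set())}

def check_pair(cfg_a, cfg_b):
    """Return a list of mismatches between the two tunnel endpoints."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    for label, x, y in (("A", a, b), ("B", b, a)):
        # The other side's crypto ACL with source and destination swapped.
        mirror = {(d, dm, s, sm) for s, sm, d, dm in y["crypto"]}
        if x["peer"] != y["outside"]:
            problems.append(f"{label}: peer {x['peer']} is not the other outside IP {y['outside']}")
        if not x["crypto"] or x["crypto"] != mirror:
            problems.append(f"{label}: crypto ACL is not a mirror of the other side's")
        if not mirror <= x["nat0"]:
            problems.append(f"{label}: nat 0 ACL does not exempt the tunnel traffic")
    if a["key"] != b["key"] or a["key"] in (None, "********"):
        problems.append("pre-shared keys differ or cannot be compared (masked/missing)")
    return problems

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "no mismatches found")
```

The PIX masks the key as `********` in displayed configs, so the key comparison only works on the commands as they were entered; on masked output the safe step is to re-enter the key on both sides.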

