01-21-2008 02:46 PM - edited 02-21-2020 03:29 PM
I pretty much copied these from a working config. However I am unable to create a tunnel between these 2 sites.
sh crypto ipsec sa
gives me no activity on either side.
VPN lights are off on both PIX's
I know i have some excess ACL's that dont do anything at the moment, but I am confused as to why this VPN isnt working.
I have attached the Primary site and Remote site configs.
Any help would be appreciated!
01-21-2008 02:55 PM
What is the source and destination IP Addresses that you are initiating traffic. Also, can you post the outputs of "deb cry is" and "deb cry ipsec" from the pixes when you try and bring up the tunnel.
Thanks,
Arul
01-24-2008 12:44 PM
I could really use some help here. I am at a loss as to what to do next.. Thanks!
01-24-2008 01:48 PM
Can you do a show logging and see if logging is enabled on the pix to capture the debug outputs.
If console logging is disabled, then enable it by;
logging console debugging
logging on
and then see if you are seeing any debugs on the pix.
Regards,
Arul
01-25-2008 08:02 AM
Please verify your ACL's are correct, both for you cryptomaps and your nat 0 statements on both firewalls.
Make sure preshared keys match, and the peers are correct for both sides.
If you have verified all of these things, then please do the aforementioned debugging.
Are the outside interface IP's being nat'ed to anything? ie, is there a NAT device somewhere between the PIXes?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: