
PIX to PIX VPN trouble

esquared1
Level 1

I pretty much copied these from a working config. However, I am unable to create a tunnel between these 2 sites.

sh crypto ipsec sa

gives me no activity on either side.

VPN lights are off on both PIXes.

I know I have some excess ACLs that don't do anything at the moment, but I am confused as to why this VPN isn't working.

I have attached the Primary site and Remote site configs.

Any help would be appreciated!

4 Replies

ajagadee
Cisco Employee

What are the source and destination IP addresses that you are initiating traffic from and to? Also, can you post the outputs of "deb cry is" and "deb cry ipsec" from the PIXes when you try to bring up the tunnel?

Thanks,

Arul

esquared1
Level 1

I could really use some help here. I am at a loss as to what to do next.. Thanks!

Can you do a show logging and see if logging is enabled on the PIX to capture the debug outputs?

If console logging is disabled, then enable it with:

logging console debugging

logging on

and then see if you are seeing any debugs on the PIX.

Regards,

Arul

Please verify your ACLs are correct, both for your crypto maps and your nat 0 statements on both firewalls.

Make sure preshared keys match, and the peers are correct for both sides.

If you have verified all of these things, then please do the aforementioned debugging.

Are the outside interface IPs being NATed to anything? I.e., is there a NAT device somewhere between the PIXes?
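
The checklist in the reply above (mirrored crypto ACLs, nat 0 coverage, correct peers) can be run mechanically against both configs. This is an added example, not part of the original thread or the poster's attached configs: the two config fragments are constructed, all addresses and names are placeholders, and pre-shared keys are not compared.

```python
import re

# Constructed PIX 6.x-style fragments; every address and name is a placeholder.
PRIMARY = """\
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat
ip address outside 192.0.2.1 255.255.255.0
crypto map vpn 10 match address 101
crypto map vpn 10 set peer 198.51.100.1
"""
REMOTE = """\
access-list 101 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list nonat permit ip 10.2.2.0 255.255.255.0 10.3.3.0 255.255.255.0
nat (inside) 0 access-list nonat
ip address outside 198.51.100.1 255.255.255.0
crypto map vpn 10 match address 101
crypto map vpn 10 set peer 192.0.2.1
"""
ACL_RE = r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$"

def parse(cfg):
    """Extract the tunnel-relevant settings from one config."""
    acls = {}
    for name, src, smask, dst, dmask in re.findall(ACL_RE, cfg, re.M):
        acls.setdefault(name, set()).add(((src, smask), (dst, dmask)))
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    return {
        "crypto": acls.get(grab(r"^crypto map \S+ \d+ match address (\S+)"), set()),
        "nonat": acls.get(grab(r"^nat \(inside\) 0 access-list (\S+)"), set()),
        "outside": grab(r"^ip address outside (\S+)"),
        "peer": grab(r"^crypto map \S+ \d+ set peer (\S+)"),
    }

def check(a, b):
    """Return a list of mismatches between two parsed site configs."""
    problems = []
    if a["crypto"] != {(dst, src) for src, dst in b["crypto"]}:
        problems.append("crypto ACLs are not mirror images")
    for site, other, name in ((a, b, "primary"), (b, a, "remote")):
        if not site["crypto"] <= site["nonat"]:  # exact-entry comparison only
            problems.append(f"{name}: nat 0 ACL does not cover crypto ACL")
        if site["peer"] != other["outside"]:
            problems.append(f"{name}: peer is not the other side's outside IP")
    return problems

print(check(parse(PRIMARY), parse(REMOTE)))
```

In the constructed sample the remote nat 0 ACL points at the wrong destination network, so return traffic would be translated instead of matching the crypto ACL.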
