PIX VPN tunnel changes from L2L to User

Jan 29th, 2008

I have a PIX 515E running v7.2. I can configure a site-to-site VPN and it works. I configure the next and it swings from L2L to User and fails; sometimes it will start as L2L, then after about 8 hours it becomes User and fails. If I configure a third, it comes up as either L2L or User. I had no problems with 6.3. Help please.

ohanusi2000 Wed, 01/30/2008 - 05:42

Sorry, what do you mean by changing from L2L to User?

Is it the username and password prompt / Xauth?

Regards

maryowen1 Wed, 01/30/2008 - 05:54

The tunnels are site-to-site and should be as follows.

IKE Peer: 213.123.155.41
Type : L2L Role : initiator
Rekey : no State MM_ACTIVE

2 IKE Peer: 213.123.166.33
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE


But every now and again the second tunnel changes to


IKE Peer: 213.123.166.33

Type : User Role : initiator

Rekey : no State : MM_WAIT_MSG2


and stops working.

srue Wed, 01/30/2008 - 06:42

Can you post a config?

maryowen1 Wed, 01/30/2008 - 07:09

This is my config. I have added a Cisco VPN client configuration, but it happens regardless of whether the client is configured or not.




ohanusi2000 Mon, 02/04/2008 - 08:32

Hi,

Cannot see anything wrong apart from

tunnel-group-map default-group DefaultL2LGroup

This will make most connections look like site-to-site if it cannot resolve the tunnel group that the connection belongs to.

May try an upgrade.

Regards


