PIX VPN tunnel changes from L2L to User

Unanswered Question
Jan 29th, 2008

I have a Pix 515E running v7.2. I can configure a site-to-site VPN and it works. I configure the next and it swings from L2L to User and fails; sometimes it will start as L2L, then after about 8 hours it becomes User and fails. If I configure a third, it comes up as either L2L or User. I had no problems with 6.3. Help please.

ohanusi2000 Wed, 01/30/2008 - 05:42

Sorry, what do you mean by changing from L2L to User?

Is the username and password prompt / Xauth?


maryowen1 Wed, 01/30/2008 - 05:54

IKE Peer:

The tunnels are site-to-site and should be as follows.

Type : L2L Role : initiator

Rekey : no State MM_ACTIVE

2 IKE Peer:

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

But every now and again the second tunnel changes to

IKE Peer:

Type : User Role : initiator

Rekey : no State : MM_WAIT_MSG2

and stops working

srue Wed, 01/30/2008 - 06:42

Can you post a config?

maryowen1 Wed, 01/30/2008 - 07:09

This is my config. I have added a Cisco VPN client configuration, but it happens regardless of whether the client is configured or not.

ohanusi2000 Mon, 02/04/2008 - 08:32

Cannot see anything wrong apart from

tunnel-group-map default-group DefaultL2LGroup

This will make most connections look like site-to-site if it cannot resolve the tunnel group that the connection belongs to.

May try upgrade.
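
An added example, not part of the original thread: a Python check that parses output in the layout maryowen1 quoted (as printed by `show crypto isakmp sa`) and flags site-to-site peers that show up as Type User, are not in MM_ACTIVE, or have no SA at all. The peer addresses, the sample text and the function names are assumptions made up for the example.

```python
import re

# Constructed sample in the layout quoted in the thread; the peer addresses
# are documentation-range placeholders, not values from the original post.
SAMPLE = """\
1   IKE Peer: 192.0.2.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 198.51.100.20
    Type    : User            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
"""

# The colon is optional because one pasted line in the thread reads
# "State MM_ACTIVE" without it.
FIELD = re.compile(r"(Type|Role|Rekey|State)\s*:?\s*(\S+)")

def parse_isakmp_sa(text):
    """Return one dict per 'IKE Peer' entry with its type/role/rekey/state."""
    peers = []
    for line in text.splitlines():
        m = re.search(r"IKE Peer:\s*(\S*)", line)
        if m:
            peers.append({"peer": m.group(1) or "(unknown)"})
        elif peers:
            for key, value in FIELD.findall(line):
                peers[-1][key.lower()] = value
    return peers

def unhealthy_l2l(peers, expected_l2l):
    """Flag expected site-to-site peers that are not L2L / MM_ACTIVE or are absent."""
    findings = []
    for p in peers:
        if p["peer"] not in expected_l2l:
            continue
        reasons = []
        if p.get("type") != "L2L":
            reasons.append(f"type={p.get('type')}")
        if p.get("state") != "MM_ACTIVE":
            reasons.append(f"state={p.get('state')}")
        if reasons:
            findings.append((p["peer"], reasons))
    seen = {p["peer"] for p in peers}
    findings += [(peer, ["no SA"]) for peer in sorted(set(expected_l2l) - seen)]
    return findings

if __name__ == "__main__":
    expected = {"192.0.2.10", "198.51.100.20"}
    for peer, reasons in unhealthy_l2l(parse_isakmp_sa(SAMPLE), expected):
        print(f"{peer}: {', '.join(reasons)}")
```

Run on a schedule against saved command output, this would timestamp the moment a tunnel flips from L2L to User, which helps correlate the change with rekey intervals such as the roughly 8 hours mentioned in the question.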