Problem creating Site-to-Site VPN between ASA 5510 8.0(3) and PIX 506 6.3(5)

Unanswered Question
May 16th, 2008

Hi,


I am trying to set up a Site-to-Site VPN between an ASA 5510 and a number of PIX 506E and PIX 501. The PIX 506E at the head office is being swapped with two ASA 5510s configured in Active-Standby.


I created the L2L VPN on ASA with the ASDM. But I couldn't get the ASA to establish VPN tunnels with the PIXs.


I saw in the ASA config that PFS is enabled by default when I created the VPN using ASDM.


PFS is not enabled on the PIXs. Can this affect establishing VPN tunnels between the ASA and the PIXs? Or is there something else that could be missing?

JORGE RODRIGUEZ Fri, 05/16/2008 - 07:47

Adekunle,


PFS needs to coincide at both ends; if enabled at one end, the other end needs to be enabled also.



PIX-to-PIX L2L: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml#pfs



Sometimes it's good to understand what PFS does; I'm providing a very good link for reference.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml#intro



HTH

-Jorge
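The check described in this thread (PFS has to agree on both peers), as an added example that is not part of the original posts: a small Python script that reads the `crypto map ... set peer` and `crypto map ... set pfs` lines from both devices' configs and reports whether the PFS settings for the tunnel agree. The map names, access-list names and addresses are constructed, and labelling a bare `set pfs` as `platform-default` is an assumption of this sketch, since the group it implies has to be confirmed for each platform.

```python
import re

# "crypto map <name> <seq> set peer <ip>" / "... set pfs [groupN]"
LINE = re.compile(r"crypto map (\S+) (\d+) set (peer|pfs)(?:\s+(\S+))?")

# Constructed sample configs (names and addresses are illustrative only).
ASA_CFG = """\
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 192.0.2.2
crypto map outside_map 20 set transform-set ESP-3DES-SHA
"""
PIX_CFG = """\
crypto map branch_map 10 ipsec-isakmp
crypto map branch_map 10 match address 101
crypto map branch_map 10 set peer 192.0.2.1
crypto map branch_map 10 set transform-set ESP-3DES-SHA
"""

def pfs_by_peer(config):
    """Map each peer IP to its PFS setting: None (PFS off), 'groupN',
    or 'platform-default' for a bare 'set pfs' (assumed label)."""
    entries = {}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        name, seq, key, val = m.groups()
        entry = entries.setdefault((name, seq), {"peer": None, "pfs": None})
        entry[key] = val or "platform-default"
    return {e["peer"]: e["pfs"] for e in entries.values() if e["peer"]}

def compare_pfs(local_cfg, local_ip, remote_cfg, remote_ip):
    """Return (status, local_pfs, remote_pfs) for the tunnel between the two
    peers. Raises KeyError if either side has no crypto map entry for it."""
    local = pfs_by_peer(local_cfg)[remote_ip]
    remote = pfs_by_peer(remote_cfg)[local_ip]
    if (local is None) != (remote is None):
        status = "mismatch"          # PFS on at one end only
    elif local is None:
        status = "match"             # PFS off at both ends
    elif "platform-default" in (local, remote):
        status = "verify-default"    # group not stated; check each platform
    else:
        status = "match" if local == remote else "mismatch"
    return status, local, remote

if __name__ == "__main__":
    print(compare_pfs(ASA_CFG, "192.0.2.1", PIX_CFG, "192.0.2.2"))
```
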
