06-06-2008 05:06 AM - edited 03-11-2019 05:56 AM
Hello - I have a PIX 515 (v 7.2) and a ASA 5520. I have a VPN tunnel built between the 2 but I can not get them to connect. All I get are these messages:
Jun 06 08:43:13 [IKEv1]: IP = x.x.x.x, Error: Unable to remove PeerTblEntry
Jun 06 08:43:46 [IKEv1]: IP = x.x.x.x, Removing peer from peer table failed, no match!
I can ping x.x.x.x from within the 515.
The ASA is replacing a PIX 501. The tunnel between the 515 and the 501 works fine, just not with the ASA. I can post configs if needed. Any help would be great.
06-06-2008 05:10 AM
Hi Andy
Please attach sanitized configs of both devices (515 and the config on ASA, not 501)
Most probably the tunnel-group statement is lost on ASA since it needs to have the tunnel-group name same as remote peer IP unlike old IOSes.
Regards
06-06-2008 05:54 AM
06-06-2008 06:24 AM
Hi
I want to ensure that you have the config below if not could you do it accordingly ?
Pix 515
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
where x.x.x.x is the IP of ASA peer
ASA
tunnel-group y.y.y.y type ipsec-l2l
tunnel-group y.y.y.y ipsec-attributes
where y.y.y.y is the IP of PIX peer
06-06-2008 06:30 AM
Yes that is correct - X is the IP of the ASA and Y is the IP of the PIX
06-06-2008 06:34 AM
I didn't see on the ASA the command
crypto map peer1 interface outside
06-06-2008 07:09 AM
DOH! That was it. Whay is it always the easy stuff?
Thanks!
06-06-2008 07:13 AM
:-)
yeah, in most case you need just a double-check, it's hard to be focused all time.
06-06-2008 07:10 AM
I didn't see on the ASA the command
crypto map peer1 interface outside
06-06-2008 05:11 AM
hi,
Yes, please post the config of two equipments.
regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: