06-06-2008 05:06 AM - edited 03-11-2019 05:56 AM
Hello - I have a PIX 515 (v 7.2) and a ASA 5520. I have a VPN tunnel built between the 2 but I can not get them to connect. All I get are these messages:
Jun 06 08:43:13 [IKEv1]: IP = x.x.x.x, Error: Unable to remove PeerTblEntry
Jun 06 08:43:46 [IKEv1]: IP = x.x.x.x, Removing peer from peer table failed, no match!
I can ping x.x.x.x from within the 515.
The ASA is replacing a PIX 501. The tunnel between the 515 and the 501 works fine, just not with the ASA. I can post configs if needed. Any help would be great.
06-06-2008 05:10 AM
Hi Andy
Please attach sanitized configs of both devices (515 and the config on ASA, not 501)
Most probably the tunnel-group statement is lost on ASA since it needs to have the tunnel-group name same as remote peer IP unlike old IOSes.
Regards
06-06-2008 05:54 AM
06-06-2008 06:24 AM
Hi
I want to ensure that you have the config below if not could you do it accordingly ?
Pix 515
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
where x.x.x.x is the IP of ASA peer
ASA
tunnel-group y.y.y.y type ipsec-l2l
tunnel-group y.y.y.y ipsec-attributes
where y.y.y.y is the IP of PIX peer
06-06-2008 06:30 AM
Yes that is correct - X is the IP of the ASA and Y is the IP of the PIX
06-06-2008 06:34 AM
I didn't see on the ASA the command
crypto map peer1 interface outside
06-06-2008 07:09 AM
DOH! That was it. Whay is it always the easy stuff?
Thanks!
06-06-2008 07:13 AM
:-)
yeah, in most case you need just a double-check, it's hard to be focused all time.
06-06-2008 07:10 AM
I didn't see on the ASA the command
crypto map peer1 interface outside
06-06-2008 05:11 AM
hi,
Yes, please post the config of two equipments.
regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide