Solved: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

cborge2007 · ‎06-13-2008

Hi !!

I have problems establishing a vpn between two pix.

The first pix 525 has version 7.2 (2) another Pix has version 6.3 this one is not administered by my person.

The phase establishes 1 but send the messages attached

can help me

Thank you

Farrukh Haroon · ‎06-16-2008

I'm glad you have it working now :)

Please rate helpful posts.

Regards

Farrukh

Farrukh Haroon · ‎06-14-2008

Are you sure your crypto ACLs are mirror images of each other? Can you post the crypto configs of both devices.

Regards

Farrukh

cborge2007 · ‎06-16-2008

Excuseme for be late with my answer.

Those are the conf in both pixes.

thank for your help

Farrukh Haroon · ‎06-16-2008

You access-list on the 7.x firewall should be a mirror image (opposite) of the one on the 6.x firewall, currently it is not:

access-list 102 extended permit ip host 192.168.1.3 host 10.32.0.41

it should be:

access-list 102 extended permit ip host 10.32.0.41 host 192.168.1.3

Secondly you are missing this line:

crypto map TLF 102 match address 102

Also try to remove extra lines in ACL 102, try to keep same number of lines (configured as mirror) of opposite vpn gateway.

Regards

Farrukh

cborge2007 · ‎06-16-2008

thank you !!

Thank you !!

its works !!

every think its working !!!

Farrukh Haroon · ‎06-16-2008

I'm glad you have it working now :)

Please rate helpful posts.

Regards

Farrukh

cborge2007 · ‎06-16-2008

thank you !!! i was so sad because i had one week with this problem, thank you