07-03-2008 04:28 AM - edited 02-21-2020 03:48 PM
I admit that I'm rather new to Cisco gear and I'm trying to set up a VPN between a PIX 501 (version 6.3(3)) and an ASA 5500 (version 7.0(7)) but am unable to get the VPN tunnel up.
Originally, there were multiple remote sites with 501s connecting back to the main site's 501. The main site's 501 is being replaced by the ASA so basically, all I did was change the IP the remote was using to point to the new IP of the host ASA and then set up the VPN config on the ASA using the VPN Wizard. To me it all looks like it should work. It's late and I'd appreciate any help, direction and/or suggestions to what I'm doing wrong.
I've attached a doc with both configs (IP changed from actual but you should still be able to figure it out).
ASA IP 172.16.2.56/27
PIX IP 172.16.1.250/29
Thanks!
07-03-2008 11:36 AM
You can start by adjusting the ACLs on the ASA
instead of
"
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0"
you need
"
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.8.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 10.0.0.0 255.255.255.0 10.0.8.0 255.255.255.0"
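Added example, not part of the original thread or either poster's configuration: a Python check for the ACL problem discussed in the reply above. It flags crypto/NAT-exemption entries whose local and remote networks overlap and verifies that the two peers' crypto ACLs mirror each other. The PIX-side line and its ACL name `101` are constructed, since the attached PIX config is not shown on the page.

```python
import ipaddress
import re

# Matches ASA 7.x ("extended") and PIX 6.x (no "extended") permit-ip entries
# written as network/netmask pairs.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)

# The two ASA variants quoted in the reply above.
ASA_BAD = """
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
"""
ASA_FIXED = """
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.8.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 10.0.0.0 255.255.255.0 10.0.8.0 255.255.255.0
"""
# Constructed PIX 6.3 peer entry (assumption: remote LAN is 10.0.8.0/24).
PIX_PEER = "access-list 101 permit ip 10.0.8.0 255.255.255.0 10.0.0.0 255.255.255.0"

def parse_acl(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for permit-ip entries."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        name, src, smask, dst, dmask = m.groups()
        try:
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
        except ValueError:
            continue  # 'host', 'any' and similar forms are out of scope here
        acls.setdefault(name, []).append(pair)
    return acls

def overlapping_entries(acls):
    """Entries whose source and destination overlap: such traffic stays on
    the local LAN, so the entry can never select traffic for the tunnel."""
    return [(n, s, d) for n, pairs in acls.items()
            for s, d in pairs if s.overlaps(d)]

def is_mirror(local_pairs, peer_pairs):
    """True when the peer's crypto ACL is the exact src/dst swap of ours."""
    return set(local_pairs) == {(d, s) for s, d in peer_pairs}
```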
07-03-2008 05:41 PM
Oops, actually what I have in the config is correct, or what you have. I think I messed it up trying to fix the line break when I copied it from my console session. Sorry, but still doesn't seem to work.
07-07-2008 08:32 PM
Figured it out.