10-18-2008 05:39 PM - edited 03-11-2019 06:59 AM
VPN Parameters
pix B end point is 66.66.66.66
pix B network is 192.168.50.0/24
pix A will need to make ACL from 172.24.176.9 to host 192.168.50.83 and 192.168.50.86
pix A will need to NAT interesting traffic to 172.24.176.0 /24
pix A
Phase 1
Authentication: Pre-Shared
Encryption: 3DES
Hash: SHA
DH: 1
Lifetime: 86400 sec
Phase 2
ESP encryption 3DES
ESP authentication
Lifetime 28800
pix A
outside 12.12.12.12 /24
inside 192.168.1.2 /24
Problem creating tunnel from pix A to pix B
10-18-2008 07:12 PM
Hello,
Below is a troubleshooting guide for Pix L2L IPSec Tunnel.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml
If the above URL does not help, then is it possible to post your configuration of the Pix along with "Deb cry is" and "Deb cry ipsec" outputs.
Regards,
Arul
** Please rate all helpful posts **
10-19-2008 06:19 AM
I believe my problem is configuring the ACL properly. If I am correct, if the ACL is correctly configured then a tunnel can not be created?
10-19-2008 07:54 AM
Reposting message because of typo. I believe my problem is configuring the ACL properly. If I am correct, if the ACL is not correctly configured then a tunnel can not be created?
10-22-2008 04:34 PM
Yes, you are correct. The ACL is what defines the interesting traffic for IPSEC, and that is what triggers your IPSEC L2L Tunnel.
Can you post the Pix configuration along with the outputs of "deb cry is" and "deb cry ips".
Regards,
Arul
*Pls rate if it helps*
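A sketch of how the parameters from the first post fit together on pix A, added here as an example and not taken from any poster's configuration. It assumes PIX 6.3-style syntax and that a single inside host is presented as 172.24.176.9; the names POLICY-NAT, VPN-ACL, TS and VPNMAP are hypothetical, and the `<...>` values are not given in the thread.

```cisco
! Added example (assumed PIX 6.3-style syntax). Object names are hypothetical;
! <...> placeholders stand for values the thread does not state.

! Policy NAT: translate the inside host to 172.24.176.9 only when it talks
! to the two hosts behind pix B.
access-list POLICY-NAT permit ip host <inside-host> host 192.168.50.83
access-list POLICY-NAT permit ip host <inside-host> host 192.168.50.86
static (inside,outside) 172.24.176.9 access-list POLICY-NAT

! Crypto ACL (interesting traffic): evaluated after NAT, so the source is the
! translated address 172.24.176.9, not the 192.168.1.0/24 inside address.
access-list VPN-ACL permit ip host 172.24.176.9 host 192.168.50.83
access-list VPN-ACL permit ip host 172.24.176.9 host 192.168.50.86

! Phase 1, using the values listed in the first post.
isakmp enable outside
isakmp key <pre-shared-key> address 66.66.66.66 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

! Phase 2. The ESP authentication transform is not stated in the post.
crypto ipsec transform-set TS esp-3des <esp-auth-transform>
crypto map VPNMAP 10 ipsec-isakmp
crypto map VPNMAP 10 match address VPN-ACL
crypto map VPNMAP 10 set peer 66.66.66.66
crypto map VPNMAP 10 set transform-set TS
crypto map VPNMAP 10 set security-association lifetime seconds 28800
crypto map VPNMAP interface outside
```

The crypto ACL on pix B has to mirror VPN-ACL (source 192.168.50.83 and 192.168.50.86, destination 172.24.176.9); if the two ends do not agree on the interesting traffic, Phase 2 will not complete.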