site to site with 501

Answered Question
Nov 12th, 2008
User Badges:

Long time reader, first time post.


I am trying to create a site-to-site tunnel between two 501 PIXs. I have rummaged through multiple forums and Cisco white papers and I cannot create this tunnel. Any help would be appreciated.


I have done a debug crypto ipsec and debug crypto isakmp. I get nothing on both sides…just a cursor blinking back at me.


Attached are my configs.

thanks in advance,



Attachment: 
Correct Answer by ajagadee about 8 years 8 months ago

Hi David,


Couple of things:


1. Make sure that you have logging enabled to see the debugs.


Logging on

Logging Buffered Debugging


2. Also, where are you initiating the IPSEC Traffic. It has to be from a host behind the Pix 501. You cannot initiate IPSEC Traffic from the pix itself.


Regards,

Arul


*Pls rate if it helps*


http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1028090

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
ajagadee Wed, 11/12/2008 - 09:24
User Badges:
  • Cisco Employee,

Hi David,


Couple of things:


1. Make sure that you have logging enabled to see the debugs.


Logging on

Logging Buffered Debugging


2. Also, where are you initiating the IPSEC Traffic. It has to be from a host behind the Pix 501. You cannot initiate IPSEC Traffic from the pix itself.


Regards,

Arul


*Pls rate if it helps*


http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1028090

manilla77 Wed, 11/12/2008 - 09:59
User Badges:

I was just getting ready to reply to my original post. I think by posting, it scared the VPN tunnel into working. Not sure what I did, but its working. I think possibly clearing crypto ipsec sa and clear crypto isakmp sa helped even though I had tried this before. Thank you very much for the quick response.


Case closed!


Actions

This Discussion