01-19-2009 11:04 AM
ASA-7.2.4, PIX 6.3.5
VPN tunnel will come up if you ping a device on the PIX side from ASA side. If you start ping a device from PIX to ASA , Tunnel will not come up. Any idea?
01-19-2009 12:18 PM
Have you check that both configs are in sync? What are the debug outputs that you get on both endpoints? Can you upload both configs here?
01-20-2009 07:27 AM
Here are the config.
Tunnel will come up if you start from ASA right away . but once tunnel is down and try to bring from PIX side, it will not come up.
I created another tunnel from pix to same ASA , we have the same issue. Looks like the issue is with ASA.
I get the following acl deny errors
IPSEC(sa_initiate): ACL = deny; no sa created
192.168.21.11 NO response received -- 1000ms
IPSEC(sa_initiate): ACL = deny; no sa created
192.168.21.11 NO response received -- 1000ms
IPSEC(sa_initiate): ACL = deny; no sa created
192.168.21.11 NO response received -- 1000ms
01-20-2009 07:59 AM
Thanks, config looks good, now on regards to your message, that is the reason why this tunnel is not started, those errors are seen on the pix correct? this is what you need to do: Go ahead and remove the crypto map from the PIX outside interface, recreate your access list FOCUSColo with another name but with the same syntax, apply that access list to the match address statement of tunnel BTECHMAP 21 and reapply the crypto map, see if you can try to create the tunnel from the pix this time.
If these errors are seen on the ASA do the same thing on ASA accordingly.
01-20-2009 08:08 AM
thanks for the reply. it worked as you mentioned.
thanks a lot for the help
01-20-2009 10:29 AM
awsome!
02-26-2010 03:45 AM
Hi.
Thanks a lot for this info. It solved our problem with exact the same symptoms.
What has happened in the PIX when this happens?
Regards
Paul
02-26-2010 08:22 AM
Hi Paul,
What tipycally happens is that the SA gets corrupted, and it usually happens because the configuration is constantly changed without removing the crypto map from the interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide