cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
276
Views
0
Helpful
1
Replies

problem with replacing a peer

m.dehler
Level 1
Level 1

I have a functional ipsec tunnel between a PIX 515 and an ASA 5510 with version 7.0(7). I'm trying to replace that PIX 515 with an ASA 5510 with version 7.0(8). The configuration seems consistent to me, with the exception of the security-association lines which I don't see on the 7.0(7) ASA. I've compared other parts of the configuration on these three devices and I just don't understand why the ASA 7.0(8) isn't working where the PIX 515 is. At many steps along the way I have turned the crypto map to the interface off and on again. Here are what I figure are the relevant parts of the configurations on the three devices. Thanks in advance for your help.

1 Reply 1

Ivan Martinon
Level 7
Level 7

There is a reason why Cisco asks to make the Crypto ACL's to be specific on regards to traffic definition, your setup will simply will not match, on your 515 you had the advantage of defining specific source and destination of your crypto acls on your ASA 7.0(8) you are not causing this security association never to match. Go ahead and try to change the ASA 7.0(8) crypto acls to look as how the pix 515 is and try again or make both the 7.0(7) and 7.0(8) specific.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: