How do I start VPN L2L initialization?

Answered Question
Jan 22nd, 2010

Hey there!

I have two PIX501e and am trying to set up a LAN2LAN. I have all the settings in place, but for some reason it's not negotiating the connection. Is there an enable command to negotiate? I have crypto enabled on both outside interfaces.

Correct Answer
busterswt Fri, 01/22/2010 - 22:37

You need to initiate traffic from one end to the other in order for the tunnel to build. The traffic you need to generate is defined within the encryption domain. So, if you're tunneling traffic using RFC1918 IPs (i.e. 192.168.x.x), be sure to ping that IP and not the public (or vice-versa).

The encryption domain defines 'interesting traffic', or traffic that the firewall determines should be passed over the tunnel and not through the Internet (or any other interface).

James
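The following is an added example, not part of the original thread: a small Python checker that parses PIX 6.x-style crypto ACL lines and reports whether a given test ping falls inside the encryption domain, and whether the two peers' ACLs mirror each other. The ACL lines, the subnets and the 203.0.113.x/198.51.100.x outside addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed crypto ACLs in PIX 6.x syntax (assumed values, not from the thread).
SITE_A_ACL = ["access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0"]
SITE_B_ACL = ["access-list 101 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0"]

_ACL_RE = re.compile(
    r"^access-list\s+\S+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_crypto_acl(lines):
    """Return [(src_net, dst_net)] for each 'permit ip net mask net mask' line."""
    pairs = []
    for line in lines:
        m = _ACL_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        src = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        dst = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}")
        pairs.append((src, dst))
    return pairs


def is_interesting(acl_lines, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches the encryption domain."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in s and dst in d for s, d in parse_crypto_acl(acl_lines))


def acls_are_mirrored(local_lines, remote_lines):
    """True if every local (src, dst) pair appears reversed on the remote peer."""
    local = set(parse_crypto_acl(local_lines))
    remote_reversed = {(d, s) for s, d in parse_crypto_acl(remote_lines)}
    return local == remote_reversed


if __name__ == "__main__":
    tests = [
        ("inside host -> remote inside host", "192.168.1.10", "192.168.2.10"),
        ("inside host -> remote public IP", "192.168.1.10", "198.51.100.2"),
        ("outside IP  -> remote inside host", "203.0.113.2", "192.168.2.10"),
    ]
    for label, src, dst in tests:
        print(f"{label}: interesting={is_interesting(SITE_A_ACL, src, dst)}")
    print("ACLs mirrored:", acls_are_mirrored(SITE_A_ACL, SITE_B_ACL))
```

Only the first test case would trigger negotiation on site A; the other two are sent outside the encryption domain and never match the crypto ACL.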

cisco_himg Sat, 01/23/2010 - 11:22

You are right!

Funny thing: I was pinging the other device and still nothing; however, when I started AT the other device and pinged me, the tunnel came right up. I guess I was pinging from the wrong side.

Thank you again!
