I have a problem with an IPSec VPN established between a PIX 515e and a Nortel Contivity 1010. I made the configuration of the tunnel on both sides and it works correctly, but I cannot get communication between the two LANs.
I see this in the PIX log:
2010-03-18 08:57:52 Local7.Info 172.17.1.250 :Mar 18 08:57:52 WEST: %PIX-6-602302: deleting SA, (sa) sa_dest= 188.8.131.52, sa_prot= 50, sa_spi= 0x3fcc692a(1070360874), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 4
2010-03-18 08:57:52 Local7.Info 172.17.1.250 :Mar 18 08:57:52 WEST: %PIX-6-602302: deleting SA, (sa) sa_dest= 184.108.40.206, sa_prot= 50, sa_spi= 0x1f7f65(2064229), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3
These two lines appear every 2 minutes. Is it possible that this may be causing my problem? And what is this message?
I show you my PIX configuration:
For me this configuration is fine, but it doesn't work!
Can you help me please?
It actually matches the following:
local ident (addr/mask/prot/port): (AENOR_ALL/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 60, #pkts decrypt: 60, #pkts verify 60
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
So packets are received and decapsulated; however, there is no reply back to be encapsulated.
Please configure "fixup protocol icmp error" for the icmp inspection.
Please check on the 172.17.1.7 host itself to see if its default gateway is configured to be 172.17.1.250, and if the host has any other specific routes configured. If it's a Windows host, you can check "route print" from the DOS prompt.
Please also check whether it is allowing inbound RDP sessions. Are you able to RDP to it from internally?
Are you able to telnet on port 3389 from DOS prompt (telnet 172.17.1.7 3389)? What are you getting?
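The counter reading used in the reply above (decaps climbing while encaps stays at 0) can be checked automatically across every SA in the crypto SA output. The following is an added example, not part of the original posts: the function names and labels are hypothetical, the first SA in the sample is copied from the thread and the second is constructed for contrast.

```python
import re

# Sample input: first SA is the one quoted in the thread; the second SA is
# constructed (invented addresses and counts) to show a healthy tunnel.
SAMPLE = """\
local ident (addr/mask/prot/port): (AENOR_ALL/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 60, #pkts decrypt: 60, #pkts verify 60
#send errors 0, #recv errors 0
local ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.1.0/255.255.255.0/0/0)
#pkts encaps: 42, #pkts encrypt: 42, #pkts digest 42
#pkts decaps: 40, #pkts decrypt: 40, #pkts verify 40
#send errors 0, #recv errors 0
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident\s+\([^)]*\):\s*\((.+)\)\s*$")
# Counter names are followed by an optional colon, e.g. "#pkts digest 0".
COUNTER = re.compile(r"#([a-z .]+?):?\s+(\d+)")

def parse_sas(text):
    """Return one dict per SA; each 'local ident' line starts a new SA."""
    sas = []
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            if m.group(1) == "local":
                sas.append({"counters": {}})
            if sas:
                sas[-1][m.group(1)] = m.group(2)
        elif sas:
            for name, value in COUNTER.findall(line):
                sas[-1]["counters"][name.strip()] = int(value)
    return sas

def diagnose(sa):
    """Classify traffic direction from the encaps/decaps counters."""
    enc = sa["counters"].get("pkts encaps", 0)
    dec = sa["counters"].get("pkts decaps", 0)
    if dec > 0 and enc == 0:
        # The thread's case: peer traffic arrives, no reply enters the tunnel.
        # Check the inside host's gateway/routes and whether it answers at all.
        return "inbound-only"
    if enc > 0 and dec == 0:
        return "outbound-only"  # local side sends, nothing comes back
    return "idle" if enc == 0 and dec == 0 else "bidirectional"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa["local"], "<->", sa["remote"], ":", diagnose(sa))
```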