Site to Site VPN between Pix 515e and Pix 501

Unanswered Question
Sep 29th, 2010

I have a PIX 515e and a PIX 501 that I am trying to get setup with a Site to Site VPN tunnel and access for VPN clients.

I have successfully gotten Two PIX 501s in this setup, but I am running into a wall here.  I am getting nothing.

Both sites are available witht he VPN dialer, but the Site to Site is non existant.  When I run a sh isakmp sa, I only see the VPN dialers.

Attached are my configs, they are labeled appropriately.

Any help is greatly appricated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Wed, 09/29/2010 - 14:08


You have two crypto maps configured namely ciumap and vpnmap, but only ciumap is applied to the outside interface.

So the crypto map vpnmap is not really doing anything in the configuration.

What is the purpose of both crypto maps?


shijomon scaria Wed, 09/29/2010 - 22:51


Crypto map 'vpnmap' is the one doing site to site tunneling in ur configuration, but it is not applied on the the interface, same time you have applied another crypto map on the interface 'ciumap'. Remember one thing that you can apply only one crypto map at a time on an interface. But you can use different sequence numbers to create different parameters.

Thank you.


ciunetworks Sat, 10/09/2010 - 23:26

After wasting my time with the old hardware and software versions.  I went ahead and replace both units with asa 5505's

I have been successfull with the Site to Site VPN's and the VPN dialer access, but cannot figure out the static routes for my servers.

I have posted a new discusion here.

Any help of the asa 5505 static routes wiuld be greatly appreciated.


This Discussion

Related Content