PIX 520 to PIX 520 IPSEC TUNNEL IOS 6.3(4)

Unanswered Question
Nov 9th, 2005
We have two Cisco PIX 520s with 16M flash and IOS 6.3(4) on both, and 2 FE interfaces on each firewall (identical PIXes).


The first PIX CONFIG is:


nameif ethernet0 outside security0
nameif ethernet1 inside security100
......
access-list 101 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
access-list 102 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
..........
nat (inside) 0 access-list 101
..........
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer AAA.AAA.AAA.AAA
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address AAA.AAA.AAA.AAA netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400


And the second PIX Config is:



nameif ethernet0 outside security0
nameif ethernet1 inside security100
......
access-list 101 permit ip 192.168.AAA.0 255.255.255.0 192.168.XXX.0 255.255.255.0
access-list 102 permit ip 192.168.AAA.0 255.255.255.0 192.168.XXX.0 255.255.255.0
..........
nat (inside) 0 access-list 101
..........
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer XXX.XXX.XXX.XXX
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address XXX.XXX.XXX.XXX netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400



We have turned logging on and debugging for IPSEC and ISAKMP, but there seem to be no connection attempts between the two PIXes; none of the PIXes is trying to initiate a connection to the other PIX.


Please Help!


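An added example, not part of the original post: a small Python check that the tunnel settings on two PIX peers mirror each other (crypto ACL, ISAKMP policy, transform set, pre-shared key entry for the crypto map peer) and that flags single DES in the ISAKMP policy. The sample configs are constructed from the command forms in the post, with placeholder addresses standing in for the masked XXX/AAA values; `parse` and `check` are names chosen for this example.

```python
# Constructed sample modelled on the posted configs; the addresses are
# placeholders standing in for the masked XXX/AAA values.
TEMPLATE = """\
access-list 102 permit ip {local} 255.255.255.0 {remote} 255.255.255.0
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer {peer}
isakmp key ******** address {peer} netmask 255.255.255.255
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
"""
PIX_A = TEMPLATE.format(local="192.168.10.0", remote="192.168.20.0", peer="203.0.113.2")
PIX_B = TEMPLATE.format(local="192.168.20.0", remote="192.168.10.0", peer="203.0.113.1")

def parse(cfg):
    """Pull the tunnel-relevant settings out of a PIX 6.x style config."""
    out = {"acl": {}, "tset": {}, "policy": {}, "keys": set(), "peer": None, "match": None}
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            out["acl"].setdefault(w[1], []).append((tuple(w[4:6]), tuple(w[6:8])))
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 4:
            out["tset"][w[3]] = frozenset(w[4:])
        elif w[:2] == ["crypto", "map"] and w[4:6] == ["match", "address"] and len(w) > 6:
            out["match"] = w[6]          # ACL that selects traffic for the tunnel
        elif w[:2] == ["crypto", "map"] and w[4:6] == ["set", "peer"] and len(w) > 6:
            out["peer"] = w[6]
        elif w[:2] == ["isakmp", "key"] and len(w) > 4:
            out["keys"].add(w[4])        # address the pre-shared key is bound to
        elif w[:2] == ["isakmp", "policy"] and len(w) > 4:
            out["policy"].setdefault(w[2], {})[w[3]] = w[4]
    return out

def check(a, b):
    """Compare two parsed peers; return a list of human-readable findings."""
    findings = []
    mirrored = [(dst, src) for src, dst in b["acl"].get(b["match"], [])]
    if a["acl"].get(a["match"], []) != mirrored:
        findings.append("crypto ACLs are not mirror images")
    if a["policy"] != b["policy"]:
        findings.append("ISAKMP policies differ")
    if set(a["tset"].values()).isdisjoint(b["tset"].values()):
        findings.append("no common transform set")
    for name, p in (("A", a), ("B", b)):
        if p["peer"] not in p["keys"]:
            findings.append(f"{name}: no isakmp key for the crypto map peer")
        if any(pol.get("encryption") == "des" for pol in p["policy"].values()):
            findings.append(f"{name}: single DES in ISAKMP policy")
    return findings
```

Calling `check(parse(PIX_A), parse(PIX_B))` on the constructed pair reports only the two DES findings, since the ACLs, policies and transform sets mirror each other.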