ISAKMP won't start on a PIX

Unanswered Question
Dec 19th, 2005

I have a PIX (we'll call PIX A) which has a VPN (PIX TO PIX) connection running to PIX C. I have tried to set up a VPN from PIX A to PIX B which has not been used for VPN. And I can't seem to get ISAKMP to 'start' between even though I've copied the config from the working one etc. The PIX version is 6.3(3) - is there something obvious I'm missing?? The isakmp config/isakmp key is the same etc. Very confusing!

jackko Mon, 12/19/2005 - 19:10

please post the entire config with public ip masked.

PIX A

sysopt connection permit-ipsec
crypto ipsec transform-set whitevpn esp-3des esp-sha-hmac
crypto map LONDON_VPN 10 ipsec-isakmp
crypto map LONDON_VPN 10 match address 110
crypto map LONDON_VPN 10 set peer x.x.x.x (going to PIX C)
crypto map LONDON_VPN 10 set transform-set whitevpn
crypto map LONDON_VPN 20 ipsec-isakmp
crypto map LONDON_VPN 20 match address 111
crypto map LONDON_VPN 20 set peer x.x.x.x (going to PIX B)
crypto map LONDON_VPN 20 set transform-set whitevpn
crypto map LONDON_VPN interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x (PIX C) netmask 255.255.255.255
isakmp key ******** address x.x.x.x (PIX B) netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800



PIX C

sysopt connection permit-ipsec
crypto ipsec transform-set whitevpn esp-3des esp-sha-hmac
crypto map LONDON_VPN 20 ipsec-isakmp
crypto map LONDON_VPN 20 match address 111
crypto map LONDON_VPN 20 set peer x.x.x.x (PIX A)
crypto map LONDON_VPN 20 set transform-set whitevpn
crypto map LONDON_VPN interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x (PIX A) netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800



The link to PIX B is up and running and using the same config as PIX A.
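
Whether the ISAKMP settings really are the same on both ends can be checked mechanically instead of by eye. The Python script below is an added example, not part of the thread: it parses PIX 6.x statements of the kind posted above and lists the phase 1 prerequisites that are missing for a given peer. The function names, the documentation-range addresses and the sample config excerpts are constructed, and the policy lifetime is left out of the comparison.

```python
from collections import defaultdict

def parse_pix(cfg):
    """Collect the ISAKMP-related statements from PIX 6.x configuration text."""
    p = {"policies": defaultdict(dict), "keys": set(),
         "entries": defaultdict(dict), "isakmp_if": set(), "map_if": {}}
    for w in (line.split() for line in cfg.splitlines()):
        if w[:2] == ["isakmp", "policy"] and len(w) >= 5 and w[3] != "lifetime":
            p["policies"][w[2]][w[3]] = w[4]          # lifetime is not compared
        elif w[:2] == ["isakmp", "key"] and "address" in w[:-1]:
            p["keys"].add(w[w.index("address") + 1])  # peer the key is bound to
        elif w[:2] == ["isakmp", "enable"] and len(w) >= 3:
            p["isakmp_if"].add(w[2])
        elif w[:2] == ["crypto", "map"] and len(w) == 5 and w[3] == "interface":
            p["map_if"][w[2]] = w[4]                  # map name -> interface
        elif w[:2] == ["crypto", "map"] and len(w) >= 7 and w[4] in ("set", "match"):
            p["entries"][(w[2], w[3])][w[5]] = w[6]   # peer / address / transform-set
    return p

def tunnel_gaps(local, remote, peer_ip):
    """List what stops `local` from starting ISAKMP with the peer at peer_ip."""
    gaps = []
    if peer_ip not in local["keys"]:
        gaps.append("no isakmp key for peer")
    hits = {k: e for k, e in local["entries"].items() if e.get("peer") == peer_ip}
    if not hits:
        gaps.append("no crypto map entry for peer")
    for (name, seq), e in hits.items():
        if "address" not in e:
            gaps.append(f"crypto map {name} {seq} has no match address")
        if local["map_if"].get(name) not in local["isakmp_if"]:
            gaps.append(f"crypto map {name} not applied to an isakmp-enabled interface")
    phase1 = lambda c: {tuple(sorted(v.items())) for v in c["policies"].values()}
    if not phase1(local) & phase1(remote):
        gaps.append("no isakmp policy in common")
    return gaps

# Constructed sample excerpts (documentation addresses, not values from the thread).
BASE = """crypto map LONDON_VPN 20 match address 111
crypto map LONDON_VPN 20 set peer {peer}
isakmp key ******** address {peer} netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
"""
APPLY = "crypto map LONDON_VPN interface outside\nisakmp enable outside\n"
PIX_A = parse_pix(BASE.format(peer="192.0.2.2") + APPLY)
PIX_B = parse_pix(BASE.format(peer="192.0.2.1"))  # constructed fault: never applied/enabled
```

Run it in both directions, since each PIX needs its own key, crypto map entry and interface binding for the other side.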
