Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

IPSec Site-to-Site VPN between ASA 5540 and PIX 501

I am having problems setting up a site-to-site VPN. I used the VPN Wizard and the configuration matches an existing VPN that is working. The IKE Tunnel displays on the 501 home page but the IPSec Tunnel does not appear. As well, I do not see any encap/decap packets. Any help will be greatly appreciated..

2 REPLIES
Cisco Employee

Re: IPSec Site-to-Site VPN between ASA 5540 and PIX 501

Hi,

Its kind of hard to way without looking at the configuration. Couple of quick things to check is:

1. IPSEC Policy - encryption, hashing, SA lifetime

2. Crypto ACL's - Make sure the ACL's are mirror images of each other.

3. No Overlapping ACLs

4. NAT 0 - By Pass NAT for Crypto Traffic.

If possible, please do post the sanitize version of the configuration and debugs when bringing up the tunnel.

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: IPSec Site-to-Site VPN between ASA 5540 and PIX 501

And if everything looks right in both configs, " debug crypto isakmp" or "debug crypto ipsec" may help determining where and why the tunnel fails.

jF

471
Views
9
Helpful
2
Replies
CreatePlease to create content