
L2L between pix and vpn concentrator 3000 doesn't initiate

Hi everyone,

On my PIX, I have 2 tunnels which have already been set up.

I'm currently trying to create a third one between a PIX 515 and a VPN Concentrator 3000.

I used the ASDM Site-to-Site Wizard to create the tunnel. But when I applied the changes, nothing happened. On the VPN Concentrator 3000's side, the tunnel was enabled (the checkbox Enabled is enabled).

The PIX didn't start initiating the tunnel. I had to restart the PIX manually and then it tried to create the tunnel. Each time I changed something about the configuration of this tunnel, I had to reload the PIX configuration.

I know that we have these commands:

clear crypto isakmp

clear crypto ipsec

and I also tried to disable the crypto map on the outside interface and then enable it again, with these commands:

no crypto map outside_map interface outside

crypto map outside_map interface outside

But nothing happened. Nothing appeared in the log. 

So my question is the following: Are there other commands which can help me apply the changes I made to a tunnel configuration (without restarting manually)? Or to force the PIX to initiate the tunnel with the new settings?

Thanks in advance for your help.

3 REPLIES

Re: L2L between pix and vpn concentrator 3000 doesn't initiate

On a PIX you don't have to apply changes like on an IPS.

As soon as you configure everything and you apply the crypto map on the interfaces, traffic should be allowed to pass. Send us the config and we will tell you if something is wrong.


Re: L2L between pix and vpn concentrator 3000 doesn't initiate

Hi,

When you create the tunnels, try to generate some traffic between the two networks and then check your crypto isakmp and crypto ipsec sa. You can also enable debug crypto isakmp and debug crypto ipsec on the pix.

Thanks

John


Re: L2L between pix and vpn concentrator 3000 doesn't initiate

Hi,

Sorry for the delay and thanks diegocambronero and john for having replied to my post.

I've just tested what you've said. And I was indeed able to make the PIX initiate the tunnel by generating traffic. As soon as it detected that there was traffic for the remote network, it tried to bring up the tunnel. I enabled debug crypto ipsec sa and debug crypto isakmp. And I saw that I had an issue with the ipsec transform set.

Now it's fixed. Thanks a lot
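
The thread ended on a transform set problem in a newly added crypto map entry. As an added example (not part of the thread and not Cisco code), the following Python lint checks a saved PIX 7.x-style configuration for crypto map entries that reference an undefined transform set or ACL, lack a peer, or have no matching L2L tunnel-group. The sample configuration, its names and its addresses are constructed, and `lint_crypto_map` is a hypothetical helper.

```python
from collections import defaultdict

# Constructed PIX 7.x-style excerpt (not from the thread); names and addresses are made up.
SAMPLE_CONFIG = """\
access-list outside_20_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list outside_60_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.60.0.0 255.255.0.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set peer 192.0.2.20
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 60 match address outside_60_cryptomap
crypto map outside_map 60 set peer 192.0.2.60
crypto map outside_map 60 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
tunnel-group 192.0.2.20 type ipsec-l2l
"""

def lint_crypto_map(config, map_name):
    """Return a list of local consistency problems for one crypto map."""
    acls, tsets, groups, applied = set(), set(), set(), False
    entries = defaultdict(dict)  # sequence number -> {"set peer": [...], ...}
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and len(w) > 1:
            acls.add(w[1])
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets.add(w[3])
        elif w[:1] == ["tunnel-group"] and w[2:4] == ["type", "ipsec-l2l"]:
            groups.add(w[1])
        elif w[:3] == ["crypto", "map", map_name]:
            if w[3:4] == ["interface"]:
                applied = True
            elif len(w) >= 7 and w[3].isdigit():
                entries[int(w[3])][" ".join(w[4:6])] = w[6:]
    findings = [] if applied else [f"{map_name}: not applied to any interface"]
    for seq, e in sorted(entries.items()):
        for key in ("match address", "set peer", "set transform-set"):
            if key not in e:
                findings.append(f"{map_name} {seq}: missing '{key}'")
        for acl in e.get("match address", []):
            if acl not in acls:
                findings.append(f"{map_name} {seq}: ACL {acl} is not defined")
        for ts in e.get("set transform-set", []):
            if ts not in tsets:
                findings.append(f"{map_name} {seq}: transform-set {ts} is not defined")
        for peer in e.get("set peer", []):
            if peer not in groups:
                findings.append(f"{map_name} {seq}: no ipsec-l2l tunnel-group for peer {peer}")
    return findings
```

A clean result only means the local configuration is self-consistent; a transform set that the remote peer does not accept still shows up only in the debug output once traffic triggers the tunnel.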
