Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
0
Helpful
4
Replies

PIX 501 VPN Problem

dredd123
Level 1
Level 1

‎01-08-2008 02:42 AM - edited ‎03-11-2019 04:44 AM

Hi,

I have two Cisco PIX 501's (PIX1 and PIX2) providing a LAN to LAN IPSec VPN between two sites (SITE1 and SITE2). PIX1 is at SITE1 and PIX2 is at SITE2.

If I ping a device on the LAN at SITE1 from a device on the LAN at SITE2, the VPN tunnel comes up fine. Once the tunnel is up I can also ping a device on the LAN at SITE2 from a device on the LAN at SITE1. However, if the tunnel is down and I ping a device on the LAN at SITE2 from a device on the LAN at SITE1, the VPN tunnel does not come up. I'm sure I've got all routing/static routes setup correctly.

Would appreciate some pointers.

Labels:
0 Helpful
4 Replies 4

massimiliano.serafino
Level 4
Level 4

‎01-08-2008 07:00 AM

Hi,

When you ping a device in LAN on the site 2 from a device in LAN on the site 1 the VPN tunnel doesn't come up....

Is traffic from LAN (site1) to LAN (site2) "interesting traffic"?

This is a good reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

Check your configuration.

I hope this helps.

Best regards.

Massimiliano.

0 Helpful

dredd123
Level 1
Level 1
In response to massimiliano.serafino

‎01-08-2008 08:35 AM

Hi,

I should have mentioned; the PIX's in question are running 6.3 and the private IP networks at each office are different (192.168.1.0/24 at SITE1 and 192.168.9.0/24 at SITE2).

On this basis I'm not sure that the supplied link is specifically relevant? One other thing, I DID use the PDM VPN wizard to configure both PIX's so I would expect this to have put the correct configuration in place? I can post the config's if it would help.

Thanks,

Dave.

0 Helpful

massimiliano.serafino
Level 4
Level 4
In response to dredd123

‎01-08-2008 11:00 AM

Hi Dave,

Here is the link for configuring vpn site-to-site with PDM http://www.cisco.com/en/US/docs/security/pix/pix63/quick/guide/63_515qk.html#wp48080

Here is the link with some configuration example of Site-to-Site VPN http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sit2site.html..if you use a pre-shared key in order to establish a tunnel view the section "Establishing a Tunnel Using a Pre-Shared Key "..and then see configuration file on both firewalls.

I hope this helps.

Best regards.

Massimiliano.

0 Helpful

angel2610
Level 1
Level 1

‎01-10-2008 05:20 AM

i have a doubt because i need put two pix in my network, one for the traffic control and another for the vpn (ipsec), so my problem is that i have the same configuration and both pixs and i want to put the ipsec as comment or disable in one pix, because when the other pix fail or is down, i could put up the other ipsec and all to be working good, so my question is how i can put the ipsec in desable and if i have problems with the other pix, i can put enable this ipsec or what is the best idea for this situation

i have two pixs 501, i hope that you can help me,

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card