Cisco Support Community

New Member

Pix to PIX Ipsec tunnel

I have a pix to pix ipsec tunnel that existed before. Now that I have modified both PIX (remote and local) ACLs, I can not establish IKE Phase 2. I have established IKE Phase 1 and see the networks local & remote along with their peers.

When I do a "sh crypto isa sa" I get the following

Total : 0

Embryonic : 0

dst src state pending created


Any suggestions? I also already ran

ca zeroize all

ca generate rsa key 512

ca save all

reloaded PIX and still same thing. Can anyone help me?

New Member

Re: Pix to PIX Ipsec tunnel

Can you show us the config?

New Member

Re: Pix to PIX Ipsec tunnel

If you modified ACLs, remember that they must mirror each other at the ends of the tunnel: on one end and on the other end. I would also suggest that you look at your NONAT rules. If you modified your ACLs, you also have to update your NONAT rules.
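
The check suggested in the reply above, as an added example that is not part of the original thread: a small script that compares the crypto ACLs of two PIX configs for mirroring and confirms each crypto entry also appears in the NONAT ACL. The sample configs, ACL names and addresses are constructed; it assumes entries of the form "permit ip <net> <mask> <net> <mask>" and treats NONAT coverage as an exact match.

```python
import re

# Constructed sample configs (not from the thread); names and addresses are assumptions.
LOCAL_CFG = """\
access-list vpn permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map tunnel 10 match address vpn
"""
REMOTE_CFG = """\
access-list vpn permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpn permit ip 10.2.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list nonat permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map tunnel 10 match address vpn
"""

ACE = re.compile(r"^access-list (\S+) permit ip (\S+ \S+) (\S+ \S+)\s*$", re.M)

def acl_entries(cfg, name):
    """Return the set of (source, destination) pairs in the named ACL."""
    return {(s, d) for n, s, d in ACE.findall(cfg) if n == name}

def crypto_acl(cfg):
    m = re.search(r"^crypto map \S+ \d+ match address (\S+)", cfg, re.M)
    return acl_entries(cfg, m.group(1)) if m else set()

def nonat_acl(cfg):
    m = re.search(r"^nat \(\S+\) 0 access-list (\S+)", cfg, re.M)
    return acl_entries(cfg, m.group(1)) if m else set()

def check(local, remote):
    """List unmirrored crypto ACEs and crypto ACEs missing from the NONAT ACL."""
    problems = []
    l, r = crypto_acl(local), crypto_acl(remote)
    mirrored_r = {(d, s) for s, d in r}  # remote entries as seen from the local end
    for s, d in sorted(l - mirrored_r):
        problems.append(f"local crypto ACE {s} -> {d} has no mirror on remote")
    for s, d in sorted(mirrored_r - l):
        problems.append(f"remote crypto ACE {d} -> {s} has no mirror on local")
    for side, cfg, acl in (("local", local, l), ("remote", remote, r)):
        for s, d in sorted(acl - nonat_acl(cfg)):
            problems.append(f"{side} crypto ACE {s} -> {d} missing from NONAT ACL")
    return problems

if __name__ == "__main__":
    for p in check(LOCAL_CFG, REMOTE_CFG):
        print(p)
```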
