Cisco Support Community
New Member

Pix to PIX Ipsec tunnel

I have a PIX to PIX IPsec tunnel that existed before. Now that I have modified both PIX (remote and local) ACLs, I cannot establish IKE Phase 2. I have established IKE Phase 1 and see the networks local & remote along with their peers.

When I do a "sh crypto isa sa" I get the following

Total : 0

Embryonic : 0

dst src state pending created

PIX#

Any suggestions? I also already ran

ca zeroize all

ca generate rsa key 512

ca save all

reloaded PIX and still same thing. Can anyone help me?

2 REPLIES
New Member

Re: Pix to PIX Ipsec tunnel

Can you show us the config?

New Member

Re: Pix to PIX Ipsec tunnel

If you modified ACLs, remember that they must mirror each other at the ends of the tunnel: 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0 on one end and 192.168.0.0 255.255.0.0 10.1.0.0 255.255.0.0 on the other end. I would also suggest that you look at your NONAT rules. If you modified your ACLs, you also have to update your NONAT rules.
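
The mirror and NONAT checks suggested in the reply above can be run offline against saved configs. This is an added example, not part of the original thread: the ACL names `vpn` and `nonat` and the sample configs are constructed, and only `permit ip <net> <mask> <net> <mask>` entries are handled.

```python
import ipaddress
import re

# PIX-style entry: access-list <name> permit ip <src> <mask> <dst> <mask>
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_acl(config, name):
    """Return the set of (source, destination) networks in the named ACL."""
    entries = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            entries.add((src, dst))
    return entries

def mirror_mismatches(local_cfg, local_acl, remote_cfg, remote_acl):
    """Entries on one peer with no swapped src/dst counterpart on the other."""
    local = parse_acl(local_cfg, local_acl)
    remote = parse_acl(remote_cfg, remote_acl)
    missing_on_remote = {(s, d) for s, d in local if (d, s) not in remote}
    missing_on_local = {(s, d) for s, d in remote if (d, s) not in local}
    return missing_on_remote, missing_on_local

def nonat_gaps(cfg, crypto_acl, nonat_acl):
    """Crypto ACL entries that the NAT exemption ACL on the same PIX lacks."""
    return parse_acl(cfg, crypto_acl) - parse_acl(cfg, nonat_acl)

# Constructed sample configs (not taken from the thread).
LOCAL = """
access-list vpn permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list nonat permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
"""
# Remote peer whose crypto ACL was edited without updating the NONAT ACL.
REMOTE_EDITED = """
access-list vpn permit ip 192.168.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list nonat permit ip 192.168.0.0 255.255.0.0 10.10.0.0 255.255.0.0
"""

if __name__ == "__main__":
    to_remote, to_local = mirror_mismatches(LOCAL, "vpn", REMOTE_EDITED, "vpn")
    for s, d in to_remote:
        print(f"local {s} -> {d} has no mirror on remote")
    for s, d in to_local:
        print(f"remote {s} -> {d} has no mirror on local")
    for s, d in nonat_gaps(REMOTE_EDITED, "vpn", "nonat"):
        print(f"remote {s} -> {d} is encrypted but not exempt from NAT")
```
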
