Problems with Tunnel from pix A to pix B

marilynnkelly · ‎10-18-2008

VPN Parameters

pix B end point is 66.66.66.66

pix B network is 192.168.50.0/24

pix A will need to make ACL from 172.24.176.9 to host 192.168.50.83 and 192.168.50.86

pix A will need to NAT intresting traffic to 172.24.176.0 /24

pix A

Phase 1

Authentication: Pre-Shared

Encryption: 3DES

Hash: SHA

DH: 1

Lifetime: 86400 sec

Phase 2

ESP encryption 3DES

ESP authentication

Lifetime 28800

pix A

outside 12.12.12.12 /24

insdie 192.168.1.2 /24

Problem creating tunnel from pix A to pix B

ajagadee · ‎10-18-2008

Hello,

Below is a troubleshooting guide for Pix L2L IPSec Tunnel.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml

If the above URL does not help, then is it possible to post your configuration of the Pix along with "Deb cry is" and "Deb cry ipsec" outputs.

Regards,

Arul

** Please rate all helpful posts **

c-drozd · ‎10-19-2008

I beleive my problem is configuring the ACL properly. If I am correct if the ACL is correctly configured then a tunnel can not be created?

c-drozd · ‎10-19-2008

Reposting message because of typo. I beleive my problem is configuring the ACL properly. If I am correct if the ACL is not correctly configured then a tunnel can not be created?

ajagadee · ‎10-22-2008

Yes, are correct. ACL is what defines the interesting traffic for IPSEC and that is what triggers your IPSEC L2L Tunnel.

Can you post the Pix configuration along with the outputs of "deb cry is" and "deb cry ips".

Regards,

Arul

*Pls rate if it helps*