VPN to Cisco PIX from Cisco ASA

I'm replacing a PIX 501 with a new ASA. The 501 already has the VPN details and all works, but when I try to replicate with the ASDM I'm having no joy. I'm having trouble configuring my Cisco ASA to do a site-to-site VPN to our Cisco PIX. Could someone suggest the ASA commands I should enter? Here is the current PIX 501 VPN information:

access-list outside_cryptomap_19 permit ip

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map_1 19 ipsec-isakmp
crypto map outside_map_1 19 match address outside_cryptomap_19
crypto map outside_map_1 19 set peer
crypto map outside_map_1 19 set transform-set ESP-DES-MD5
crypto map outside_map_1 20 ipsec-isakmp

isakmp enable outside
isakmp key ******** address netmask
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

What would be the equivalent for the ASA?

Any help is appreciated.



What version of ASA are you running?

On the ASA you need to configure a tunnel-group. Inside the tunnel-group you specify the PSK which was configured previously in isakmp-config:

tunnel-group type ipsec-l2l

tunnel-group ipsec-attributes

pre-shared-key *****

OR for ASA v8.4:

ikev1 pre-shared-key ***** is the remote IP

AND: you also want to migrate away from DES/MD5.
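Added example, not part of the thread or any poster's code: a Python sketch of how the PIX 6.x IKE/IPsec command forms quoted in the question map onto ASA 8.4 IKEv1 syntax, with the pre-shared key moving into a tunnel-group, and which tokens are the DES/MD5 to migrate away from. The peer 203.0.113.10 and key EXAMPLEKEY are constructed placeholders, and only the command forms shown in the question are handled.

```python
# PIX 6.x lines in the style of the question. Constructed sample: 203.0.113.10
# (documentation range) and EXAMPLEKEY are placeholders, not values from the thread.
PIX_CONFIG = """\
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map_1 19 ipsec-isakmp
crypto map outside_map_1 19 set peer 203.0.113.10
crypto map outside_map_1 19 set transform-set ESP-DES-MD5
isakmp enable outside
isakmp key EXAMPLEKEY address 203.0.113.10 netmask 255.255.255.255
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
"""

WEAK = {"esp-des", "esp-md5-hmac", "des", "md5"}  # algorithms to migrate away from

def translate(pix_text):  # returns (asa_lines, weak_tokens)
    asa, weak, policy = [], [], None
    for raw in pix_text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[:3] == ["crypto", "ipsec", "transform-set"]:
            weak += [tok for tok in t[4:] if tok in WEAK]
            asa.append("crypto ipsec ikev1 transform-set " + " ".join(t[3:]))
        elif t[:2] == ["crypto", "map"]:
            if t[4:] == ["ipsec-isakmp"]:
                continue  # sketch assumption: not carried over for a static entry
            if t[4:6] == ["set", "transform-set"]:
                t[5:6] = ["ikev1", "transform-set"]
            asa.append(" ".join(t))
        elif t[:2] == ["isakmp", "enable"]:
            asa.append("crypto ikev1 enable " + t[2])
        elif t[:2] == ["isakmp", "key"]:  # the PSK moves into a tunnel-group
            asa += [f"tunnel-group {t[4]} type ipsec-l2l",
                    f"tunnel-group {t[4]} ipsec-attributes",
                    f" ikev1 pre-shared-key {t[2]}"]
        elif t[:2] == ["isakmp", "policy"]:
            weak += [tok for tok in t[4:] if tok in WEAK]
            if t[2] != policy:  # open the policy sub-mode once per number
                policy = t[2]
                asa.append(f"crypto ikev1 policy {policy}")
            asa.append(" " + " ".join(t[3:]))
        elif t[0] == "isakmp":  # nat-traversal, identity: same command under "crypto"
            asa.append("crypto " + " ".join(t))
    return asa, weak

print("\n".join(translate(PIX_CONFIG)[0]))
```

Both peers must offer a matching proposal, so replacing DES/MD5 has to be done on the remote PIX as well as on the ASA.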

I'm running ASA 8.4.

So I have tried this via the ASDM and the CLI and still no joy, and am thinking it is something to do with the fact that the ASA has the outside address of "" but actually "" is NAT'd to and this is the actual outside interface address... If that makes sense.

Remote Outside IP:

Local Outside IP: (but Nat'd to

The remote l2l pix515e is expecting from

What's your config now? Crypto, tunnel-groups, NAT, ACLs.

