Re: 3Com OfficeConnect Secure Gateway to PIX515 VPN

iikendall · ‎12-02-2002

I am trying to get one of these 3Com boxes to create a SA with a PIX, using DES (may go to 3-DES if I can get this bit working), but get the message in debug - IPSEC(validate_proposal): invalid local address a.b.c.d - where a.b.c.d is the outside address of the PIX.

I am not sure if the transform set is correct, as the 3Com has almost no useful information with it. I think I have tried all the combinations, but still draw a blank.

Any help gratefully received.

kdurrett · ‎12-02-2002

Invalid local address usually means that the crypto map isnt applied to the interface. Look for "crypto map mymap interface outside" for example. Post your pix config and debugs if you can. But i've seen the same error when its configured correctly, which usually a reload of the pix, after you do a wr mem of course, will solve that issue.

Kurtis Durrett

iikendall · ‎12-09-2002

Kurtis,

Apologies for not replying earlier. You were quite correct, when I cut and pasted the config from another customer's, I managed to omit the line that applies the cryto map, but couldn't see this when I checked the config.

Thanks for the help.

Iain

afakhan · ‎12-02-2002

Hi,

Please make sure that your crypto ACLs on the router, and local/remote proxy IDs on the 3COM are symmetrical.

Thanks,

Afaq