Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

3Com OfficeConnect Secure Gateway to PIX515 VPN

I am trying to get one of these 3Com boxes to create a SA with a PIX, using DES (may go to 3-DES if I can get this bit working), but get the message in debug - IPSEC(validate_proposal): invalid local address a.b.c.d - where a.b.c.d is the outside address of the PIX.

I am not sure if the transform set is correct, as the 3Com has almost no useful information with it. I think I have tried all the combinations, but still draw a blank.

Any help gratefully received.

3 REPLIES
New Member

Re: 3Com OfficeConnect Secure Gateway to PIX515 VPN

Invalid local address usually means that the crypto map isnt applied to the interface. Look for "crypto map mymap interface outside" for example. Post your pix config and debugs if you can. But i've seen the same error when its configured correctly, which usually a reload of the pix, after you do a wr mem of course, will solve that issue.

Kurtis Durrett

New Member

Re: 3Com OfficeConnect Secure Gateway to PIX515 VPN

Kurtis,

Apologies for not replying earlier. You were quite correct, when I cut and pasted the config from another customer's, I managed to omit the line that applies the cryto map, but couldn't see this when I checked the config.

Thanks for the help.

Iain

Bronze

Re: 3Com OfficeConnect Secure Gateway to PIX515 VPN

Hi,

Please make sure that your crypto ACLs on the router, and local/remote proxy IDs on the 3COM are symmetrical.

Thanks,

Afaq

91
Views
0
Helpful
3
Replies