Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSEC between PIX501 and a router

Hi all,

Before implement IPSEC between two sites with PIX, I have a test first with a PIX501 and a 2600 router. I config the IPSEC setting in the two equipment and set the peer of one equipment to the outbound interface of the other one. In PIX501, I enable the function that bypass the check for IPSEC traffic. I just have 1 pc so that I connect the pc to the PIX inside interface and create a loopback interface in the 2600 for testing. I can form an IPSEC channel when I initiate the IPSEC frmo the PIX to the 2600 and I ping from the pc to the loopback interface of 2600 and success. And I clear the IPSEC channel (I use "clear crypto isakmp" in the router and reboot the PIX), and use extend ping from the router using the loopback interface of source address and ping the IP of the pc and fail. I had check the access-list and IPSEC peer of the router and PIX but I think it's all right. Because I am lack of experience of PIX, can anyone tell me the reason?

Thank You!

Best Regards

Teru Lei


Re: IPSEC between PIX501 and a router

Here's a good starting point for troubleshooting problems with IPSEC:

Cisco Employee

Re: IPSEC between PIX501 and a router

Hi Teru,

When your clear the isakmp and ipsec SA's and then try to ping the host behind the Pix 501 from the router using the loopback address as the source, does the Tunnel come up.

How does your Pix 501 get a public ip address. Is it a static or a DHCP assigned one.

When you are not able to bring the tunnel from the router, what happens if you go to the host behind the pix and try to ping the loopback address of the router. Does the tunnel come up without any issue.



CreatePlease to create content