I have a working IPsec tunnel between a PIX version 6.4 and a PIX 7.0. The problem is that if the tunnel goes down for any reason, only traffic coming from the PIX ver 7.0 side will bring the tunnel back; no traffic from the PIX ver 6.4 side will bring up the tunnel.
I think you have not defined interesting traffic from the PIX 6.4. You can issue the write terminal command on the PIX, and find the match address command under the crypto map for the connection. The Access Control List (ACL) that this command refers to specifies the interesting traffic.
I believe the access-list command is defined correctly, otherwise I don't think the tunnel would come up at all. The access-list on the 6.4 side is a mirror of the one on the 7.0 side, which I believe is as it should be.
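Added example, not part of the thread: one way to check the two points discussed above, namely which ACL each crypto map entry's `match address` refers to and whether the entries on one PIX are mirrored on the other. The configs, addresses and the names `vpnmap` and `101` are constructed, and the sketch assumes both peers use the same crypto map name and sequence number and only plain `permit ip <net> <mask> <net> <mask>` entries.

```python
import re

# Constructed sample configs (not from the thread); all names and addresses are made up.
PIX64 = """\
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address 101
"""
PIX70 = """\
access-list 101 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 192.0.2.1
"""

# Only "permit ip <net> <mask> <net> <mask>" is parsed; "any", deny lines and
# object-groups are out of scope for this sketch. PIX 7.0 adds "extended".
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)\s*$")
MATCH = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)\s*$")

def interesting_traffic(config):
    """Return {(map_name, seq): set of (src, smask, dst, dmask)} per crypto map entry."""
    acls, result = {}, {}
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:
        m = ACE.match(line)
        if m:
            acls.setdefault(m.group(1), set()).add(m.groups()[1:])
    for line in lines:
        m = MATCH.match(line)
        if m:
            # A crypto map pointing at an undefined ACL yields an empty set.
            result[(m.group(1), int(m.group(2)))] = acls.get(m.group(3), set())
    return result

def mirror(entries):
    """Swap source and destination of every entry."""
    return {(d, dm, s, sm) for (s, sm, d, dm) in entries}

def unmirrored(local_cfg, remote_cfg, key):
    """Local interesting-traffic entries with no mirrored counterpart on the remote peer."""
    local = interesting_traffic(local_cfg).get(key, set())
    remote = interesting_traffic(remote_cfg).get(key, set())
    return sorted(local - mirror(remote))

if __name__ == "__main__":
    print("6.4 entries not mirrored on 7.0:", unmirrored(PIX64, PIX70, ("vpnmap", 10)))
    print("7.0 entries not mirrored on 6.4:", unmirrored(PIX70, PIX64, ("vpnmap", 10)))
```
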