Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPSec VPN between PIX and Cisco 877W

Hi All,

I am trying to create a VPN tunnel between a PIX and a Cisco 877W but cant seem to get the tunnel up. When I do a 'sho crypto session' on the Cisco 877, I get it said status of session was down, then changed to DOWN-NEGOTIATING, but it is now DOWN again...Please find attached configs for both ends...Are there any commands to confirm that the tunnel is up other than trying to ping the remote end? I would greatly appreciate any help to get this tunnel up.

Regards,

Raj

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IPSec VPN between PIX and Cisco 877W

Hi,

Based on the attached configurations, there needs to be couple of changes made. For example:

1. The isakmp policies do not match on the router and pix. Make sure that the Hash, DH Group and Lifetime match on the 877 and pix.

2. The access-list for the ipsec traffic has to be mirror images of each other.

3. Make sure that the ipsec lifetime matches on both the peers.

I hope it helps.

Regards,

Arul

Rate if it helps.

2 REPLIES
Cisco Employee

Re: IPSec VPN between PIX and Cisco 877W

Hi,

Based on the attached configurations, there needs to be couple of changes made. For example:

1. The isakmp policies do not match on the router and pix. Make sure that the Hash, DH Group and Lifetime match on the 877 and pix.

2. The access-list for the ipsec traffic has to be mirror images of each other.

3. Make sure that the ipsec lifetime matches on both the peers.

I hope it helps.

Regards,

Arul

Rate if it helps.

New Member

Re: IPSec VPN between PIX and Cisco 877W

Hi Arul,

I changed the ACL's and its seems to have fixed the problem. Thanks Heaps for your help.

Regards,

Raj

201
Views
0
Helpful
2
Replies