10-31-2007 11:15 PM - edited 02-21-2020 03:21 PM
Hi All,
I am trying to create a VPN tunnel between a PIX and a Cisco 877W but can't seem to get the tunnel up. When I do a 'sho crypto session' on the Cisco 877, it said the status of the session was down, then changed to DOWN-NEGOTIATING, but it is now DOWN again... Please find attached configs for both ends... Are there any commands to confirm that the tunnel is up other than trying to ping the remote end? I would greatly appreciate any help to get this tunnel up.
Regards,
Raj
11-02-2007 09:20 AM
Hi,
Based on the attached configurations, a couple of changes need to be made. For example:
1. The ISAKMP policies do not match on the router and PIX. Make sure that the Hash, DH Group and Lifetime match on the 877 and PIX.
2. The access-lists for the IPsec traffic have to be mirror images of each other.
3. Make sure that the IPsec lifetime matches on both peers.
I hope it helps.
Regards,
Arul
Rate if it helps.
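The mirror-image requirement in point 2 can be checked offline. The script below is an added example, not part of the original thread or the attached configs: it assumes numbered `access-list` lines on the router (IOS wildcard masks) and `access-list` lines on the PIX (subnet masks), and every address, ACL name and function name in it is constructed for illustration.

```python
import ipaddress

def _take(tokens, wildcard):
    """Consume one address spec; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, mask = tokens[0], tokens[1]
    if wildcard:  # IOS wildcard mask: invert the bits to get a netmask
        inverted = int(ipaddress.ip_address(mask)) ^ 0xFFFFFFFF
        mask = str(ipaddress.ip_address(inverted))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False), tokens[2:]

def crypto_selectors(config, wildcard):
    """Return the set of (protocol, source, destination) permit entries."""
    entries = set()
    for line in config.splitlines():
        t = line.split()
        if len(t) > 2 and t[2] == "extended":  # newer PIX syntax keyword
            del t[2]
        if len(t) < 6 or t[0] != "access-list" or t[2] != "permit":
            continue
        src, rest = _take(t[4:], wildcard)
        dst, _ = _take(rest, wildcard)
        entries.add((t[3], src, dst))
    return entries

def mirror_mismatches(ios_acl, pix_acl):
    """List entries on each peer that lack a swapped src/dst twin."""
    ios = crypto_selectors(ios_acl, wildcard=True)
    pix = crypto_selectors(pix_acl, wildcard=False)
    return {
        "ios_only": {e for e in ios if (e[0], e[2], e[1]) not in pix},
        "pix_only": {e for e in pix if (e[0], e[2], e[1]) not in ios},
    }

# Constructed sample ACLs (not taken from the attached configs).
IOS_ACL = "access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255"
PIX_GOOD = "access-list vpn permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0"
PIX_BAD = "access-list vpn permit ip 192.168.20.0 255.255.255.0 192.168.0.0 255.255.0.0"

if __name__ == "__main__":
    for name, pix in (("good", PIX_GOOD), ("bad", PIX_BAD)):
        print(name, mirror_mismatches(IOS_ACL, pix))
```

An empty result on both sides means every crypto ACL entry has an exact mirror on the other peer; anything listed is a selector the other end will not agree to.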
11-06-2007 07:16 PM
Hi Arul,
I changed the ACLs and it seems to have fixed the problem. Thanks heaps for your help.
Regards,
Raj