I am having problem in bringing up VPN link between PIX firewall and 3825 router. It was working fine but all of a sudden it stopped. Debug of 3825 is attached for reference. Any work arounds??
The error is at phase 1 itself.
Are you sure you have the same properties at both the ends in terms on isakmp policies, encryption, hash, authentication and group?
On router can you replace,
crypto isakmp key 6 cisco123 address 188.8.131.52 255.255.255.252
crypto isakmp key cisco123 address 184.108.40.206 255.255.255.252
Also, if you can remove the netmask on both the device in the crypto isakmp key cli if you are establising the tunnel just between these two device.
Cli will to look as below w/o mask-
On router -
crypto isakmp key cisco123 address 220.127.116.11
on pix -
isakmp key cisco123 address 18.104.22.168
Sorry for that... ACL 104 is not in the attachement. Following is the ACL 104.
access-list 104 permit ip 10.0.0.0 0.0.255.255 22.214.171.124 0.0.255.255
access-list 104 permit ip 172.16.0.0 0.0.255.255 126.96.36.199 0.0.255.255
access-list 104 permit ip 10.3.1.224 0.0.0.31 188.8.131.52 0.0.255.255
access-list 104 permit ip 10.0.0.0 0.0.255.255 172.16.21.0 0.0.0.255
access-list 104 permit ip 10.3.1.224 0.0.0.31 172.16.21.0 0.0.0.255
access-list 104 permit ip 172.16.0.0 0.0.255.255 172.16.21.0 0.0.0.255
Hope this works.
From attached config files.
crypto access list on pix(101) seems to contain different ace's from that on router(104).
Otherwise all the vpn cli seems to be ok.
Can you check the nat is not done for the traffic on both the device.
ip route 184.108.40.206 255.255.0.0 220.127.116.11
here I do not see any interface with ip on this subnet 18.104.22.168.
If 22.214.171.124 is the inside network of pix , then doesn't the next hop ip in this route needs to be 126.96.36.199 instead of 188.8.131.52.
Also if possible , can you disable the ipsec on both the devices and check if you are able to ping the peer ip address and the inside network of the remote device from router (both outside interface and inside interface).