Comming across a strange issue here. I have a VPN that connects a PIX 505 running PIX version 6.3(4) to two PIX 515Es with ver. 7.0(6). Both the PIX 505 and the 515Es show that a VPN connection is established between them (the 505 shows QM_IDLE). However, no traffic is flowing between the 505 and the 515Es. When I try to ping a client behind either device, I get no response. Earlier this morning, I was getting responses, and then out of the blue, everthying stopped. I have reset all devices and even blew away and redid the VPN Config on the 505, but still nothing. Again, they show the VPN as being connected, but I am getting no traffic across it. Any debug commands I could be checking?
Thanks for the quick reply. BTW, it's actually a 501 not a 505...sorry for any confusion.
Well, things get stranger still. In the middle of collecting the requested info the connection between the 501 and one of the 515s suddenly came alive and I started getting responses back from my ping requests. I am still having non-traffic issues between the 501 and the other 515 though.
Attached is the config for the 501 along with the sh ipsec ouput for all three devices. Note that public IPs have been changed for secturiy reasons. The 501's IP has been changed to 220.127.116.11 while the 515s have been changed to 18.104.22.168 and 22.214.171.124. Currently, the connection between 126.96.36.199 and 188.8.131.52 is showing traffic while 1.1.1. to 184.108.40.206 is still showing a VPN tunnel but no traffic.
Well...I don't know what to say. I blew away the VPN configs in the 501 and typed them back in EXACTLY the way they were before. I went to lunch, came back an hour later, and now, everything is working just as it should be. I am getting reposes back from both sides of the 515e's and the 501. So I don't know if it was some sort of caching issue with the Isakmp/Ipsec engines or what. But traffic across BOTH VPN tunnels appears to be working now. This is something I have never seen before, but I guess stranger stuff does happen.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :