09-26-2002 03:04 AM - edited 02-21-2020 12:05 PM
I am configuring multiple site-to-site VPN connections using PIX firewalls to terminate (in a hub-and-spoke configuration). I get to create my next crypto map seq-number on the hub PIX and the firewall collapses. However, the previously configured IPsec tunnels stay active, but I cannot use any of the static routes configured to access external networks, NAT fails, internet access, etc.
We have tried CLEAR CRYPTO IPSEC SA, CLEAR CRYPTO ISAKMP SA and reloads to no avail.
What could be wrong? Any help would be appreciated.
09-26-2002 05:23 AM
Hi, make sure you're not pointing the second crypto map match address to an access list that is not there.
Is there any way you can post your config?
09-27-2002 05:55 AM
Thanks Mike, I have it resolved now.
I found that when I started my next 'crypto map mapname 10 ...... ' command, the firewall would knock out other connections through the firewall that I had allowed, e.g. stop machines with static routes getting outside, like my proxy server.
Once I had completed the crypto map set, then the connections were once again available.
The workaround I used was to cut and paste into the firewall the whole specific crypto set all at the same time, e.g.
crypto map SPAIN 10 ipsec-isakmp
crypto map SPAIN 10 match address 105
crypto map SPAIN 10 set peer 10x.10x.10x.10x
crypto map SPAIN 10 set transform-set MADRID
Very strange, but thanks again.
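A pre-paste check for the two conditions raised in this thread (a crypto map sequence that is missing one of its lines, and a `match address` that names an access list not present in the config), as an added example that is not part of the original posts. The function name, the sample config, its addresses and the second sequence number are constructed for illustration.

```python
import re

# Settings each crypto map sequence carries in the set posted in the thread.
REQUIRED = ("match address", "set peer", "set transform-set")

# Constructed sample: sequence 10 is complete, sequence 20 is half-entered
# and points at an access list that does not exist.
SAMPLE = """\
access-list 105 permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
crypto map SPAIN 10 ipsec-isakmp
crypto map SPAIN 10 match address 105
crypto map SPAIN 10 set peer 192.0.2.10
crypto map SPAIN 10 set transform-set MADRID
crypto map SPAIN 20 ipsec-isakmp
crypto map SPAIN 20 match address 106
crypto map SPAIN 20 set peer 192.0.2.20
"""

def check_crypto_maps(config: str) -> list[str]:
    """Return a list of problems found in PIX-style crypto map lines."""
    acls = set()
    entries = {}  # (map name, seq) -> {setting: first argument}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"access-list\s+(\S+)\s+(permit|deny)\b", line)
        if m:
            acls.add(m.group(1))
            continue
        # Only numbered entries; "crypto map NAME interface ..." is skipped.
        m = re.match(r"crypto map\s+(\S+)\s+(\d+)\s+(.+)$", line)
        if not m:
            continue
        entry = entries.setdefault((m.group(1), int(m.group(2))), {})
        rest = m.group(3)
        for key in REQUIRED:
            if rest.startswith(key + " "):
                entry[key] = rest[len(key):].split()[0]
    problems = []
    for (name, seq), entry in sorted(entries.items()):
        for key in REQUIRED:
            if key not in entry:
                problems.append(f"{name} {seq}: missing '{key}'")
        acl = entry.get("match address")
        if acl is not None and acl not in acls:
            problems.append(f"{name} {seq}: access-list {acl} is not defined")
    return problems

if __name__ == "__main__":
    for problem in check_crypto_maps(SAMPLE):
        print(problem)
```

Running it over the full candidate config before pasting shows whether the block can go in as one complete set.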