Using 2 PIX 501 firewalls, I recently attempted to make a site-to-site VPN connection between 2 sites. Site 1 is new and only had the site-to-site config and site 2 had an existing connection as an Easy VPN hardware client to Site 3 Easy VPN server.
On site 1, the config went in ok. On site 2, I got an error, 'could not make SA because of an existing Easy VPN connection'.
I went back and tried to configure site 1 as an Easy VPN server and site 2 as a client. As soon as I entered the IP of the EZ VPN server in the vpnclient command, the 501 locked up and knocked me out of my telnet session...[reload?] to get it back up.
Why is this happening? I read that the 501 client can be a client and server to 10 connections respectively. What gives?
It seems that anything I do from the book doesn't work. I read nothing that said anything about not making an IKE/IPsec connection while there is an Easy VPN client connection.
What do I have to do to get a proper education on this topic? Nothing has prepared me for the real life stuff (Cisco Press), except for failures. For all my reading and preparation, I have learned nothing.
What is the rule for making VPN connections between sites? Can there be an existing Easy VPN connection when adding a connection to a site-to-site VPN?
Can a PIX 501 have connections to 2 different EZ VPN servers?
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...