Cisco Support Community

Pix 501 Easy VPN to VPN 3005 Concentrator

I am trying to set up a Hardware Client to the 3000 from the Pix 501, using the Easy VPN option. Since the users can only get Cable Modem with dynamic IP addresses, this is my only option.

I have a couple of Lan to Lan and Client connections currently on the 3000. This is the first Hardware Client I have attempted. The 3000 is running Software version 3.6.5 code and the Pix 501 is running Software version 6.2 with 3DES option.

When the Pix is connected I can browse the Internet with no problem, but it never completes the VPN Tunnel on the 3000. I get the following error in the 3000 log no matter what I do. Does anyone have a suggestion?

IKE AM Responder FSM error


Re: Pix 501 Easy VPN to VPN 3005 Concentrator

You can also run a LAN-to-LAN tunnel between the PIX and the concentrator even if you are getting an IP address via DHCP on the PIX. Here is a sample link:

If you are getting "IKE AM Responder FSM error", that means there was some problem in tunnel negotiations or tunnel negotiations timed out. You have to set the event log severity to high (1-9) for IKE, IKEDBG on the concentrator to see why it is failing.

Hope that helps