I am trying to set up a Hardware Client to the 3000 from the Pix 501, using the Easy VPN option. SInce the users can only get Cable Modem with dynamic IP addresses, this is my only option.
I have a couple of Lan to Lan and Client connections currently on the 3000. This is the first Hardware Client I have attempted. The 3000 is running Software version 3.6.5 code and the Pix 501 is running Software version 6.2 with 3DES option.
When the Pix is connected I can browse the Internet with no problem, but it never completes the VPN Tunnel on the 3000. I get the following error in the 3000 log no matter what I do. Does anyone have a suggestion ?
If you are getting "IKE AM Responder FSM error ", that means there was some problem in tunnel negotiations or tunnel negotiations timed out. You have to enable event log severity to high ( 1-9) for IKE, IKEDBG on the concentrator to see why it is failing
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...