Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Pix 501 issues


Have a bunch of sites connecting using 501's.(IPSEC)

Two sites upgraded their dsl line and when trying to configure the VPN tunnel at each site to point to 6 other sites I was able to get 4 tunnels up with a lot of difficulties and I even had to bounce one of the pix to resolve this problem.(I'm replacing the pre-share key as well)

Is there a specific order to enter the commands so I do not have such a hard time to bring this ipsec tunnels up? here is the sequence I'm following:

no isakmp key ******* address x.x.x.x

iskamp key newkey address x.x.x.x

no crypto vpn interface outside

crypto map vpn xx ipsec-isakmp

crypto map vpn xx match address access-list

crypto map vpn xx set peer x.x.x.x

crypto map vpn xx set transform-set set

crypto map vpn interface outside

Is this order correct or am I doing it wrong.

Advise please,


Re: Pix 501 issues

when you play with isakmp, you probably want to enter a "no isakmp enable outside" command to shut it down, and after your last isakmp configuration command, enter a "isakmp enable outside" to fire up the isakmp daemon with the new config

CreatePlease to create content