Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix 501 to pix 515 problem

Help required

I have set up a small home network to practice configuring

a site to site vpn on two pix firewalls using certificates

for authentication, the pix's I am using are a 515 running ios

7.0(5) and a 501 running ios 6.3(5).getting the certificates

onto the firewalls was no problem but I am not sure about

the rest of the configuration there must be a problem there

somewhere as I have tried pinging 192.168.3.2 from 192.168.1.2

and vice versa but am unable to establish a tunnel.

I have included the firewall configs and the network layout

as attachments and would appreciate it if someone could take

a look and see if I have done anything wrong.

the only thing I tried was to change was isakmp identity hostname

to isakmp identity address but this made no difference.

regards

Melvyn brown

3 REPLIES
New Member

Re: pix 501 to pix 515 problem

Melvyn-

Is that the entire config for the 515? I didn't go over it with a fine-tooth comb, but there is no Global statement on it.

HTH,

Paul

New Member

Re: pix 501 to pix 515 problem

hi

thanks for taking the trouble to look at this

yes that is the entire config for the 515

what global statement is missing

Regards

Melvyn

New Member

Re: pix 501 to pix 515 problem

Melvyn-

I've never tried using a PIX solely for a VPN tunnel, but I assume this still applies. You need:

global (outside) 1 interface

which you do have on the 501.

Paul

106
Views
0
Helpful
3
Replies