Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

PIX-IOS VPN

Hi,

I have a 3DES Tunnel between a PIX (6.22) and IOS. However i am having problems in initiating the Tunnel from the PIX side. In brief

1. Initiate traffic from the IOS Side to PIX. Tunnel gets setup and everything works.

2. Initiate traffic from the PIX Side to IOS. Tunnel doesn't get setup. With Debug for Crypto turned-on the PIX, i don't even see any messages. I do see the "send errors" counter being incremented in

++++++++++++++++++++++++++++++++++++++++++=

local ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)

remote ident (addr/mask/prot/port): (172.28.2.0/255.255.255.0/0/0)

current_peer: xxxx

PERMIT, flags={origin_is_acl,}

#pkts encaps: 514, #pkts encrypt: 514, #pkts digest 514

#pkts decaps: 577, #pkts decrypt: 577, #pkts verify 577

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 15, #recv errors 0

++++++++++++++++++++++++++++++++++==

Any Help ?

1 REPLY
New Member

Re: PIX-IOS VPN

Got it working after i removed and applied the Crypto Map on the outside interface.

I had the map already applied but had made a change in one of the ISAKMP policies and matching address lists.

Why do you have to apply\reapply the map after making a change ? Shouldn't the change be dynamic ?

\\ Naman

92
Views
0
Helpful
1
Replies
CreatePlease to create content