03-29-2006 08:27 AM - edited 02-21-2020 12:48 AM
Hi, I am trying to create a Site-to-Site VPN connection between a Nortel box and a PIX 525. I am able to get phase 1 up in QM-IDLE status but not able to get phase 2 working. I think there is a routing/NAT problem, but I am not sure. The inside network on the PIX is a public address, 63.xx.xx.xx, and we need to NAT this to another public address, 65.xx.xx.xx. This setup is a little different from a normal connection, since the VPN peer is on the 65.xx.x.xx network and the hosts are supposed to be as well. We also had to bring in another T1 in addition to the main T1 for internet access. So this VPN connection is supposed to be off another interface on the PIX. We cannot let the other site of the VPN connection know of the 63.xx.xx.xx network. Is it possible to have the peer and the host on the same network? Thanks for your help.
Just a little more info. This is what I get when I debug ipsec.
PH-PH-PIX-01(config)# IPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with 205.xx.xx.xx
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0xf3b5fbb2(4088789938) for SA
from 205.xx.xx.xx to 65.xx.xx.xx for prot 3
IPSEC(key_engine): request timer fired: count = 1,
(identity) local= 65.xx.xx.xx, remote= 205.xx.xx.xx,
local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),
remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0xf5efb422(4126127138) for SA
from 205.xx.xx.xx to 65.xx.xx.xx for prot 3
IPSEC(key_engine): request timer fired: count = 2,
(identity) local= 65.xx.xx.xx, remote= 205.xx.xx.xx,
local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),
remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0x1e70383f(510670911) for SA
from 205.xx.xx.xx to 65.xx.xx.xx for prot 3
IPSEC(key_engine): request timer fired: count = 1,
(identity) local= 65.xx.xx.xx, remote= 205.132.5.170,
local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),
remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0x331f908b(857706635) for SA
from 205.xx.xx.xx to 65.xx.xx.xx for prot 3
IPSEC(key_engine): request timer fired: count = 2,
(identity) local= 65.xx.xx.xx, remote= 205.xx.xx.xx,
local_proxy= NET_INSIDE/255.255.255.128/1/0 (type=4),
remote_proxy= XX_PC/255.255.255.255/1/0 (type=1)
IPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with 205.xx.xx.xx
03-30-2006 05:51 AM
Any help on this would be greatly appreciated. Thanks.