08-21-2006 08:44 PM - edited 02-21-2020 02:35 PM
Hello all. I need some help. I am trying to get a 501 and a 515 to do a site to site vpn together. Im not sure where I am going wrong. I have attached the two configs of a test lab I have setup. I am trying to do DES encryption also. I would be glad to hear your comments on the configs to let me know where I have gone wrong. Thanks to you.
08-21-2006 09:02 PM
Hi,
The acls that you use in crypto maps must be an exact mirror image in the peers. This condition is not adhered in the configuration.
Check the following url for crypto map conditions that should match for successfull Security association.
Correct statements
*******************
In 515 PIX, the acl 110 should be as follows
access-list 110 permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
In 501 pix the acl 100, should be as follows
access-list 110 permit ip 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0
HTH
-VJ
08-21-2006 09:27 PM
Wow, thanks. Didnt know it had to be THAT specific. Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide