pix to pix vpn config

jjoseph01
Level 3

Hello all. I need some help. I am trying to get a 501 and a 515 to do a site-to-site VPN together. I'm not sure where I am going wrong. I have attached the two configs of a test lab I have set up. I am trying to do DES encryption also. I would be glad to hear your comments on the configs to let me know where I have gone wrong. Thanks to you.

2 Replies

vijayasankar
Level 4

Hi,

The ACLs that you use in crypto maps must be an exact mirror image in the peers. This condition is not adhered to in the configuration.

Check the following URL for crypto map conditions that should match for a successful security association.

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080637127.html#wp1042707

Correct statements

*******************

In the 515 PIX, the ACL 110 should be as follows

access-list 110 permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

In the 501 PIX, the ACL 100 should be as follows

access-list 110 permit ip 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0

HTH

-VJ
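
The mirror-image requirement from the reply above can be checked over both peers' configs before the tunnel is brought up. This is an added example, not part of the original thread; the function names and the sample config strings are constructed for illustration, and it assumes only the `permit ip <net> <mask> <net> <mask>` entry form shown in the thread (no `host` or `any` keywords).

```python
import re
from ipaddress import IPv4Network

# Matches crypto ACL entries of the form used in the thread:
#   access-list <id> permit ip <src> <src-mask> <dst> <dst-mask>
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)

def parse_crypto_acl(config, acl_id):
    """Return the set of (source, destination) networks for one ACL id."""
    entries = set()
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group(1) == acl_id:
            # IPv4Network rejects an address with host bits set for its mask.
            src = IPv4Network(f"{m.group(2)}/{m.group(3)}")
            dst = IPv4Network(f"{m.group(4)}/{m.group(5)}")
            entries.add((src, dst))
    return entries

def mirror_mismatches(local, remote):
    """Return (entries the peer lacks a mirror for, peer entries we lack)."""
    mirrored_remote = {(dst, src) for src, dst in remote}
    return local - mirrored_remote, mirrored_remote - local

# Constructed sample configs: the corrected pair from the reply, plus a
# peer whose mask is wider than the other side expects.
PIX_515 = "access-list 110 permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0"
PIX_501 = "access-list 110 permit ip 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0"
PIX_501_BAD = "access-list 110 permit ip 10.20.0.0 255.255.0.0 10.10.10.0 255.255.255.0"

if __name__ == "__main__":
    side_a = parse_crypto_acl(PIX_515, "110")
    for name, cfg in (("corrected", PIX_501), ("mismatched", PIX_501_BAD)):
        only_a, only_b = mirror_mismatches(side_a, parse_crypto_acl(cfg, "110"))
        print(name, "OK" if not (only_a or only_b) else "NOT MIRRORED")
        for src, dst in sorted(only_a):
            print(f"  515 has {src} -> {dst}, peer lacks the reverse")
        for src, dst in sorted(only_b):
            print(f"  peer implies {src} -> {dst}, 515 lacks it")
```
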

Wow, thanks. Didn't know it had to be THAT specific. Thanks again.