Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix to pix vpn config

Hello all. I need some help. I am trying to get a 501 and a 515 to do a site to site vpn together. Im not sure where I am going wrong. I have attached the two configs of a test lab I have setup. I am trying to do DES encryption also. I would be glad to hear your comments on the configs to let me know where I have gone wrong. Thanks to you.

2 REPLIES

Re: pix to pix vpn config

Hi,

The acls that you use in crypto maps must be an exact mirror image in the peers. This condition is not adhered in the configuration.

Check the following url for crypto map conditions that should match for successfull Security association.

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080637127.html#wp1042707

Correct statements

*******************

In 515 PIX, the acl 110 should be as follows

access-list 110 permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

In 501 pix the acl 100, should be as follows

access-list 110 permit ip 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0

HTH

-VJ

New Member

Re: pix to pix vpn config

Wow, thanks. Didnt know it had to be THAT specific. Thanks again.

110
Views
5
Helpful
2
Replies
CreatePlease login to create content