Cisco Support Community
Community Member

PIX to PIX VPN trouble

I pretty much copied these from a working config. However I am unable to create a tunnel between these 2 sites.

sh crypto ipsec sa

gives me no activity on either side.

VPN lights are off on both PIXes.

I know I have some excess ACLs that don't do anything at the moment, but I am confused as to why this VPN isn't working.

I have attached the Primary site and Remote site configs.

Any help would be appreciated!

Cisco Employee

Re: PIX to PIX VPN trouble

What are the source and destination IP addresses that you are initiating traffic between? Also, can you post the outputs of "deb cry is" and "deb cry ipsec" from the PIXes when you try and bring up the tunnel?



Community Member

Re: PIX to PIX VPN trouble

I could really use some help here. I am at a loss as to what to do next. Thanks!

Cisco Employee

Re: PIX to PIX VPN trouble

Can you do a show logging and see if logging is enabled on the PIX to capture the debug outputs?

If console logging is disabled, then enable it with:

logging console debugging

logging on

and then see if you are seeing any debugs on the PIX.




Re: PIX to PIX VPN trouble

Please verify your ACLs are correct, both for your crypto maps and your nat 0 statements on both firewalls.

Make sure preshared keys match, and the peers are correct for both sides.

If you have verified all of these things, then please do the aforementioned debugging.

Are the outside interface IPs being NATed to anything? I.e., is there a NAT device somewhere between the PIXes?
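
The checks suggested in the reply above (mirrored crypto ACLs, a nat 0 exemption for the tunnel traffic, matching pre-shared keys, correct peers) can be automated over the two configs. This is an added example, not part of the original thread and not the poster's configs: the two sample configs are constructed, the helper names parse and check are hypothetical, and it assumes the inside interface is named "inside" and that ACL entries use the plain network/mask form.

```python
import re
# Constructed PIX 6.x-style configs; addresses, ACL numbers and keys are invented.
PRIMARY = """\
ip address outside 192.0.2.1 255.255.255.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 101
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 198.51.100.1
isakmp key s3cretA address 198.51.100.1 netmask 255.255.255.255
"""
REMOTE = """\
ip address outside 198.51.100.1 255.255.255.0
access-list 110 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto map vpnmap 10 match address 110
crypto map vpnmap 10 set peer 192.0.2.1
isakmp key s3cretB address 192.0.2.1 netmask 255.255.255.255
"""

def parse(cfg):
    """Extract VPN-relevant lines; handles only 'permit ip net mask net mask' ACEs."""
    def find(pat):
        m = re.search(pat, cfg, re.M)
        return m.group(1) if m else None
    acls = {}
    for name, *ace in re.findall(
            r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M):
        acls.setdefault(name, set()).add(tuple(ace))
    return {"outside": find(r"^ip address outside (\S+)"),
            "peer": find(r"^crypto map \S+ \d+ set peer (\S+)"),
            "key": find(r"^isakmp key (\S+) address"),
            "crypto": acls.get(find(r"^crypto map \S+ \d+ match address (\S+)"), set()),
            "nat0": acls.get(find(r"^nat \(inside\) 0 access-list (\S+)"), set())}

def check(a, b):
    """Return the mismatches between two parsed peers (hypothetical helper)."""
    problems = []
    for me, other, side in ((a, b, "primary"), (b, a, "remote")):
        if me["peer"] != other["outside"]:
            problems.append(f"{side}: peer is not the other side's outside IP")
        if not me["crypto"] <= me["nat0"]:
            problems.append(f"{side}: no nat 0 exemption for a crypto ACL entry")
    if a["crypto"] != {(d, dm, s, sm) for s, sm, d, dm in b["crypto"]}:
        problems.append("crypto ACLs are not mirror images")
    if a["key"] != b["key"]:
        problems.append("pre-shared keys differ")
    return problems

if __name__ == "__main__":
    print("\n".join(check(parse(PRIMARY), parse(REMOTE))) or "no mismatches")
```

A PIX masks the pre-shared key when it displays its configuration, so the key comparison only applies to the commands as they were entered. The nat 0 test compares entries exactly and does not recognise a wider subnet that covers the crypto traffic.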
