am having trouble getting a PIX to PIX vpn working. It's between a pix-506 firmware 6.1(1) and a pix-506 firmware 5.1(1). This is what I get when I have debug crypto ipsec, and debug crypto isakmp enabled and I try to ping from pixA to pixB:
VPN Peer: ISAKMP: Added new peer: ip:18.104.22.168 Total VPN Peers:1
I finally figured it out. There was nothing wrong with the VPN configuration, it ended up being a problem with the subnet mask on the internal interface of the remote PIX I was trying to connect to. The interface had a subnet mask of 255.255.252.0, which was causing the PIX to have a static CONNECT route of 192.168.0.0 rather then 192.168.1.0. Because the route was 192.168.0.0 and the internal interface of my PIX was also using a route of 192.168.0.0 the remote PIX wasn't routing anything back through the VPN. So I changed the subnet mask to 255.255.255.0 and everything is working great.
I hope by now you have found the answer but if not check your ACLs for allowing PING. Setup a CONDUIT to allow all ICMP or something. There is also a command called DEBUG ICMP TRACE I have found useful for allowing me to see if the ping is at least going out. You may see it gets out to the destination but is not returned. A clue. It could just be a routing issue or someone along the way filtering it.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...