Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix506 -> vpn3030: cannot establish ipsec channel

We have some problems with pix and vpn3030 setup at a customers site. We have lan2lan connections via ipsec from a pix 506 (6.1(1)) and VPN3030 (3.1).

Everything is fine, if i configue the access-list on the pix as:

access-list 101 permit ip 192.168.0.0 255.255.0.0 10.0.0.0 255.0.0.0

the channel can be established from both sides.

If i configure:

access-list 101 permit ip 192.168.0.0 255.255.0.0 any

it will not work! i can establish a channel from behind the vpn gateway, this channel will live about 2 minutes, when no data, but i cannot establish a channel from my remote lan. I see ipsec sessions for a second on the vpn3030, but no data is transmitted.

any ideas?

1 REPLY
New Member

Re: pix506 -> vpn3030: cannot establish ipsec channel

Problem solved

access-list 101 permit ... any

will work, if the corresponding settings on the 3030 are configured in the same way, as a connection from a net 192.168.0.0 to any.

101
Views
0
Helpful
1
Replies
CreatePlease to create content