I'm having a very hard time getting my PIX 515s to terminate point-to-point VPN tunnels. I'm using the free DES encryption and I don't even see the attempted IKE negotiations. I have tried setting this up with the VPN wizard within the PDM, and my latest attempt is from the command line. However, I did manage to get one of the 515s to terminate VPN connections from the Cisco VPN client version 4.0. I've also run several debugs and clear commands to force the PIX to renegotiate phase 1 and 2 security associations. During the debugging I don't see anything, but I do see the VPN client connections coming in. I have even tried without the client configuration statements, and obviously had no luck. Here are my PIX configuration lines below.
I only see the config for one PIX. We will need to see the other as well. I actually can't seem to find anything wrong with this config except a couple of general no-no's not having to do with VPN.
One that might make a difference is to get rid of the "access-list inside_access_in permit ip any any" and "access-group inside_access_in in interface inside" because that may keep you from actually pinging past that interface.
Let's start with how you're doing the debugs. Which are you enabling and how are you testing it? I generally use:
debug crypto ipsec
debug crypto isakmp
debug crypto engine
Then I ping something on the other net; in your case you will be pinging something on the 172.16.2.xxx network.
If you don't get any debugs then make sure you get rid of that access-list I mentioned from above and try again.