Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem establishing tunnel PIX -> VPNC


I'm trying to establish a tunnel from a PIX to a VPN Concentrator, but the tunnel does not come up. The PIX tries to establish, but somehow, it can't.

On the VPN Concentrator, I have the attached notifications in the event log.

Could you provide me with a possible solution or action to take?



Re: Problem establishing tunnel PIX -> VPNC

it's a bit hard to troubleshoot without reading the config.

below is the sample codes for pix lan-lan vpn:

access-list 101 permit ip

access-list 121 permit ip

ip address outside

ip address inside

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address netmask no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

for the concentrator, go administration > file management, click "view" on the file "config", save a copy and post it. one point needs to be noticed is that public ips needs to be masked.

New Member

Re: Problem establishing tunnel PIX -> VPNC

Thanks for the reply...

I forgot to update this Q last friday after I've got it up and running. Problem was that our VPNC is in a DMZ. The firewall had a route in place which screwed up the return-route from the VPNC to the PIX; no traffic ever returned to the initiating PIX.

After removing that faulty route in the firewall, everything worked like a charm.

Strange thing was that we have more of such VPN-tunnels in place, but only this one gave problems.

Thanks again, and a good new year to you!


Re: Problem establishing tunnel PIX -> VPNC

it's good to learn that your issue has been resolved.

happy new year!