Cisco Support Community

New Member

Problem establishing tunnel PIX -> VPNC

Hi,

I'm trying to establish a tunnel from a PIX to a VPN Concentrator, but the tunnel does not come up. The PIX tries to establish, but somehow, it can't.

On the VPN Concentrator, I have the attached notifications in the event log.

Could you provide me with a possible solution or action to take?

Thanks!

3 REPLIES
Gold

Re: Problem establishing tunnel PIX -> VPNC

It's a bit hard to troubleshoot without reading the config.

Below is sample code for a PIX LAN-to-LAN VPN:

access-list 101 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 121 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

ip address outside 1.1.1.2 255.255.255.0

ip address inside 192.168.2.1 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer 1.1.1.1

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address 1.1.1.1 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

For the concentrator, go to administration > file management, click "view" on the file "config", save a copy and post it. One point to note is that public IPs need to be masked.
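The reply above asks for public IPs to be masked before a config is posted. The following is an added example, not part of the original thread, of one way to do that for PIX-style config text. The function name, the `<redacted>` marker and the use of the RFC 5737 documentation range as placeholders are assumptions, and it goes one step beyond the reply by also redacting the `isakmp key` pre-shared key.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PSK = re.compile(r"^(\s*isakmp key )\S+")  # pre-shared key follows "isakmp key"
PLACEHOLDER_BASE = ipaddress.IPv4Address("203.0.113.0")  # RFC 5737 TEST-NET-3

# Lines taken from the sample PIX config in the reply above.
SAMPLE = """\
access-list 121 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
ip address outside 1.1.1.2 255.255.255.0
crypto map myvpn 10 set peer 1.1.1.1
isakmp key cisco123 address 1.1.1.1 netmask 255.255.255.255 no-xauth no-config-mode
"""

def sanitize_config(text):
    """Return (sanitized_text, mapping of real -> placeholder address)."""
    mapping = {}

    def mask(match):
        token = match.group(0)
        try:
            addr = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            return token  # looks dotted but is not a valid address
        if not addr.is_global:
            return token  # RFC 1918 ranges, netmasks, 0.0.0.0 stay readable
        if token not in mapping:
            if len(mapping) >= 254:
                raise ValueError("more than 254 distinct public addresses")
            # Same real address always gets the same placeholder, so
            # "set peer" and "isakmp key ... address" still line up.
            mapping[token] = str(PLACEHOLDER_BASE + len(mapping) + 1)
        return mapping[token]

    lines = []
    for line in text.splitlines():
        line = PSK.sub(r"\1<redacted>", line)
        lines.append(IPV4.sub(mask, line))
    return "\n".join(lines), mapping

if __name__ == "__main__":
    print(sanitize_config(SAMPLE)[0])
```

Keep the returned mapping private; it is what lets you translate advice given against the placeholder addresses back to the real peers.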

New Member

Re: Problem establishing tunnel PIX -> VPNC

Thanks for the reply...

I forgot to update this question last Friday after I got it up and running. The problem was that our VPNC is in a DMZ. The firewall had a route in place which screwed up the return route from the VPNC to the PIX; no traffic ever returned to the initiating PIX.

After removing that faulty route in the firewall, everything worked like a charm.

Strange thing was that we have more of such VPN-tunnels in place, but only this one gave problems.

Thanks again, and a good new year to you!

Gold

Re: Problem establishing tunnel PIX -> VPNC

It's good to learn that your issue has been resolved.

Happy new year!
