Re: Site to Site VPN between 515E & 501, initiates one side only

focusamsterdam · ‎07-26-2006

Hi,

I've setup a 515E (7.05) and a 501 (6.35) connected via a Site to Site VPN.

All seems okay except for that the VPN tunnel can only be initiated from the 501.

Via logging I found that when I initiate from 515E I'm getting a FIN Timeout (no packets receive the 501 at all)

The Tunnel Policy on the 515E is set to Bidirectional so that should be okay.

Does anyone recognizes this problem?

Cheers,

FA

kelvindam · ‎07-26-2006

Yeah,

I have seen it once after an upgrade.

For some reason I needed to reboot the 515E, that maybe do the trick.

focusamsterdam · ‎08-08-2006

Did that but it didn't solve the problem. I'm going to try a second ADSL line over here (other ISP) maybe something is blocking the initiate request. I've got a strange feeling about the current line somehow.

abdel_n · ‎08-09-2006

Hi,

I dont think that is line issue as your 501 can initiate VPN connection.

Try to verify your access list that is used by the crypto map to trigger IPSec process (local and remote networks), or may be you are using dynamic crypto map at the 515E side that allow only incoming connections.

Good work!

e.lejeune · ‎08-23-2006

Hi

i've the same problem.

It was working in 7.1 and i migrate my 515E in 7.2, and now i can't establish the tunnel from 515E to my 506.

i've already reboot all the pix and reconfigure the VPN and nothing hapens.

My 515E manage 17 VPN LANTOLAN connections, and i get this problem only for one connection

Regards