Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Site-to-site VPN between ASA 5500 and PIX 501

I admit that I'm rather new to Cisco gear and I'm trying to setup a VPN between a PIX 501 (version 6.3(3)) and an ASA 5500 (version 7.0(7)) but am unable to get the VPN tunnel up.

Originally, there were multiple remote sites with 501s connecting back to the main site's 501. The main site's 501 is being replaced by the ASA so basicallly, all I did was change the IP the remote was using to point to the new IP of the host ASA and then setup the VPN config on the ASA using the VPN Wizard. To me it all looks like it should work. It's late and I'd appreciate any help, direction and/or suggestions to what I'm doing wrong.

I've attached a doc with both configs (IP changed from actual but you should still be able to figure it out).

ASA IP 172.16.2.56/27

PIX IP 172.16.1.250/29

Thanks!

3 REPLIES
Community Member

Re: Site-to-site VPN between ASA 5500 and PIX 501

You can start by adjusting the acls on the asa

instead of

"

access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list outside_cryptomap_20 extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0"

you need

"

access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.8.0 255.255.255.0

access-list outside_cryptomap_20 extended permit ip 10.0.0.0 255.255.255.0 10.0.8.0 255.255.255.0

Community Member

Re: Site-to-site VPN between ASA 5500 and PIX 501

Oops, actually what I have in the config is correct, or what you have. I think I messed it up trying to fix the line break when I copied it from my console session. Sorry, but still doesn't seem to work.

Community Member

Re: Site-to-site VPN between ASA 5500 and PIX 501

Figured it out.

214
Views
0
Helpful
3
Replies
CreatePlease to create content