New Member

Two out of 4 total ipsec peers don't want to cooperate....

I have two PIX firewalls that do not want to talk to each other.

I am using crypto map and ISAKMP (preshared keys) for my LAN-to-LAN VPNs.

PIX #1 - PIX 515 restricted, version 6.2(1)

PIX #2 - PIX 515 restricted, version 6.2(1)

PIX #3 - PIX 515 restricted, version 5.3(1) with PL2 card

PIX #4 - Pair of PIX 520s unrestricted, version 5.3(1)

PIX #s 2 and 3 don't want to set up their VPN. When you reload the affected PIXes, the tunnels come up for a short while, then go down again and stay down between 2 and 3. PIXes 2 and 3 talk fine and maintain their connections to 1 and 4 no problem. And PIXes 1 and 4 maintain their connections with all peers, all the time.

Anyone have any quick thoughts?

1 REPLY
Cisco Employee

Re: Two out of 4 total ipsec peers don't want to cooperate....

Hi,

Strange one... actually would be a good bet to maybe get the debugs when they are not working or when the tunnel drops (debug crypto isakmp, debug crypto ipsec) and let the TAC look for any specific bugs on this or else file a new one. Also, if the VPNs are terminating on different interfaces with different connections, might want to consider that too...

Hope this helps,

Regards,

Aamir
