Two out of 4 total ipsec peers don't want to cooperate....
I have two PIX firewalls that do not want to talk to each other.
I am using crypto map and ISAKMP (preshared keys) for my LAN-to-LAN VPNs.
PIX #1 - PIX 515 restricted, version 6.2(1)
PIX #2 - PIX 515 restricted, version 6.2(1)
PIX #3 - PIX 515 restricted, version 5.3(1) with PL2 card
PIX #4 - Pair of PIX 520s unrestricted, version 5.3(1)
PIX #'s 2 and 3 don't want to set up their VPN. When you reload the affected PIXes, the tunnels come up for a short while, then go down again and stay down between 2 and 3. PIXes 2 and 3 talk fine and maintain their connections to 1 and 4 no problem. And PIXes 1 and 4 maintain their connections with all peers, all the time.
Re: Two out of 4 total ipsec peers don't want to cooperate....
Strange one.. actually it would be a good bet to maybe get the debugs when they are not working or when the tunnel drops (debug crypto isakmp, debug crypto ipsec) and let the TAC look for any specific bugs on this or else file a new one. Also, if the VPNs are terminating on different interfaces with different connections, you might want to consider that too...