11-13-2007 10:25 AM - edited 02-21-2020 03:22 PM
i have two PIX runing version 6.3(3) and 7.1(1). Following is my topology and attached config showing running configuration and debugs.
(PC)172.16.10.10/24<-->172.16.10.1/24-PIX(6.3)--1.1.1.2/30---WAN(X-Over cable)---1.1.1.1/30--PIX(7.1)--10.10.10.1/24<--->10.10.10.10/24(PC)
What am i missing?
Thanks
Solved! Go to Solution.
11-13-2007 11:12 AM
By the way, this is the only thing that catches my attention from the 6.3 debugs you provided:
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_FQDN
One thing you can try is to set the ISAKMP identities on both sides:
isakmp identity address (on the 6.3 side)
cry isakmp identity address (on the 7.x side)
11-13-2007 10:54 AM
Hello,
I don't see anything wrong with the configuration. Nothing seems to be missing.
Could you you enable ISAKMP and IPsec debugging on the 7.x side (debug cry isakmp 128 and debug cry ipsec 128) to get more information of where the IPsec tunnel establishment is failing?
11-13-2007 11:11 AM
change the pre-shared key on both ends to something simple and try it again.
I don't see that phase 1 is even completing.
11-13-2007 12:14 PM
I was using ciscocisco as pre-shared key
11-13-2007 11:12 AM
By the way, this is the only thing that catches my attention from the 6.3 debugs you provided:
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_FQDN
One thing you can try is to set the ISAKMP identities on both sides:
isakmp identity address (on the 6.3 side)
cry isakmp identity address (on the 7.x side)
11-13-2007 12:24 PM
Entering the following commands solved it:
isakmp identity address (on the 6.3 side)
cry isakmp identity address (on the 7.x side)
Thanks
11-13-2007 12:30 PM
Awesome, glad to see it worked.
Cheers,
Eloy Paris.-
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: