Cisco Support Community
Community Member

VPN between PIX501 and PIX506E

Dear all,

I am a newbie to PIX.

I have a problem with the VPN formed by a PIX501 and a PIX506E.

I have attached the config of the two PIX, but after I entered the config into the PIX, no VPN was formed. Does anyone know what's wrong with my settings?

Thank you very much.

7 REPLIES
Bronze

Re: VPN between PIX501 and PIX506E

Do you use NAT in your configuration? I ask because I don't see any No-NAT configuration in your script for the VPN tunnel.

Could you post the outputs from a 'show run' command from both Pix Firewalls?

Regards,

Michael

Community Member

Re: VPN between PIX501 and PIX506E

I have attached the running config.

Thank you very much for your help.

Bronze

Re: VPN between PIX501 and PIX506E

The NAT configuration should look like this:

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 192.168.xxx.xxx 255.255.255.0

Did you check if the firewalls can reach each other?

Regards,

Michael

Community Member

Re: VPN between PIX501 and PIX506E

I am now getting an error message like

- ISAKMP malformed payload received (local 202.155.xxx.xxx (responder), remote 116.48.xxx.xxx)

Do you know what's wrong this time?

Thank you very much

Cisco Employee

Re: VPN between PIX501 and PIX506E

Hi,

Looks like the problem is with your crypto map peer x.x.x.x address. Make sure that both the crypto end points are configured for the correct peer address.

If you have configured the correct crypto address and are still seeing the problem, do a "clear cry isa sa" and "clear cry ipsec sa" and then try to bring up the tunnel.

I hope it helps.

Regards,

Arul

Community Member

Re: VPN between PIX501 and PIX506E

Thanks, Arul.

But the VPN still cannot form and the error message still appears.

Do you have any other idea?

I have checked that the password is matched at both PIX.

Cisco Employee

Re: VPN between PIX501 and PIX506E

Hi,

From the logs that you had posted earlier, the issue was related to a mismatch in crypto peer IP addresses.

Can you post a sanitized version of the configuration and full logs, if possible?

Thanks,

Arul
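
The checks suggested in the replies above (a NAT exemption for the tunnel, and crypto map peer addresses that point at each other), as an added example that is not part of the original thread. It assumes PIX 6.x command syntax; the two configurations are constructed samples with documentation addresses, and the names `parse` and `check_pair` are hypothetical.

```python
import re

# Constructed sample configs in PIX 6.x syntax; not the poster's attachments.
PIX_A = """\
ip address outside 203.0.113.1 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 198.51.100.1
isakmp key ******** address 198.51.100.1 netmask 255.255.255.255
"""
PIX_B = """\
ip address outside 198.51.100.1 255.255.255.0
access-list 101 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 203.0.113.9
isakmp key ******** address 203.0.113.1 netmask 255.255.255.255
"""

def parse(cfg):
    # Extract the settings discussed in the thread from one 'show run' output.
    find = lambda pattern: re.findall(pattern, cfg, re.M)
    acl_lines = find(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)")
    crypto_acls = set(find(r"^crypto map \S+ \d+ match address (\S+)"))
    return {
        "outside": (find(r"^ip address outside (\S+)") or [None])[0],
        "peers": set(find(r"^crypto map \S+ \d+ set peer (\S+)")),
        "key_peers": set(find(r"^isakmp key \S+ address (\S+)")),
        "nat0": find(r"^nat \(inside\) 0 access-list (\S+)"),
        # Traffic selected for encryption, as (src, smask, dst, dmask) tuples.
        "traffic": {tuple(l[1:]) for l in acl_lines if l[0] in crypto_acls},
    }

def check_pair(cfg_a, cfg_b):
    # Compare both tunnel endpoints and return a list of mismatches.
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if other["outside"] not in me["peers"]:
            problems.append(f"{name}: crypto map peer is not the remote outside address")
        if other["outside"] not in me["key_peers"]:
            problems.append(f"{name}: no isakmp key for the remote outside address")
        if not me["nat0"]:
            problems.append(f"{name}: no nat 0 access-list (VPN traffic is not exempt from NAT)")
        mirrored = {(d, dm, s, sm) for s, sm, d, dm in other["traffic"]}
        if me["traffic"] != mirrored:
            problems.append(f"{name}: crypto ACL does not mirror the remote one")
    return problems

if __name__ == "__main__":
    print("\n".join(check_pair(PIX_A, PIX_B)) or "endpoints agree")
```

Run against the sanitized `show run` output of both firewalls; it only reads the configuration text and does not contact the devices.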
