Cisco Support Community
New Member

VPN initiated from one side only

I have site-site VPN setting. PIX to Cisco IOS.

I can only initiate the VPN session from Cisco IOS, but not from the PIX.

What could be wrong?

1 REPLY
Cisco Employee

Re: VPN initiated from one side only

Difficult to say without debugs, but it's generally a timer issue. You need to make sure the Phase 1 timer is the same on both sides. The router defaults to 86400 seconds (24 hours), whereas the PIX defaults to 28800 seconds (8 hours).

Try doing either this on the router:

> cry isakmp policy xx
> lifetime 28800

or this on the PIX:

> cry ipsec security-assoc lifetime seconds 86400

Other than that, make sure your crypto ACLs are the exact opposite of each other.

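The mirror check on the crypto ACLs mentioned in the reply can be automated. The following is an added example, not part of the original thread: it normalizes IOS wildcard masks and PIX netmasks to the same form and reports entries with no source/destination-swapped twin on the peer. The ACL number, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample crypto ACLs (RFC 1918 addresses, not from the thread).
IOS_ACL = """
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 host 172.16.5.9
"""
PIX_ACL = """
access-list 110 permit ip 10.10.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list 110 permit ip 172.16.5.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

def _take_net(tokens, wildcard):
    """Consume one address spec from tokens and return it as an IPv4Network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = ipaddress.IPv4Address(tokens.pop(0))
    if wildcard:  # IOS writes wildcard (inverted) masks, PIX writes netmasks
        mask = ipaddress.IPv4Address(int(mask) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse_crypto_acl(config, wildcard):
    """Return the set of (source, destination) networks in 'permit ip' entries."""
    pairs = set()
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2:4] != ["permit", "ip"]:
            continue
        rest = tokens[4:]
        src = _take_net(rest, wildcard)
        pairs.add((src, _take_net(rest, wildcard)))
    return pairs

def mirror_mismatches(ios_config, pix_config):
    """Entries on each side that lack a source/destination-swapped twin on the peer."""
    ios = parse_crypto_acl(ios_config, wildcard=True)
    pix_swapped = {(d, s) for s, d in parse_crypto_acl(pix_config, wildcard=False)}
    return {"ios_only": ios - pix_swapped,
            "pix_only": {(d, s) for s, d in pix_swapped - ios}}

if __name__ == "__main__":
    for side, entries in mirror_mismatches(IOS_ACL, PIX_ACL).items():
        for src, dst in sorted(entries):
            print(f"{side}: {src} -> {dst} has no mirror on the peer")
```

In the sample, the router protects traffic to a single host while the PIX protects the whole /24, so each side is reported with one unmatched entry.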