11-12-2008 08:55 AM - edited 02-21-2020 03:05 AM
Long time reader, first time post.
I am trying to create a site-to-site tunnel between two 501 PIXs. I have rummaged through multiple forums and Cisco white papers and I cannot create this tunnel. Any help would be appreciated.
I have done a debug crypto ipsec and debug crypto isakmp. I get nothing on both sidesâ¦just a cursor blinking back at me.
Attached are my configs.
thanks in advance,
Solved! Go to Solution.
11-12-2008 09:24 AM
Hi David,
Couple of things:
1. Make sure that you have logging enabled to see the debugs.
Logging on
Logging Buffered Debugging
2. Also, where are you initiating the IPSEC Traffic. It has to be from a host behind the Pix 501. You cannot initiate IPSEC Traffic from the pix itself.
Regards,
Arul
*Pls rate if it helps*
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1028090
11-12-2008 09:24 AM
Hi David,
Couple of things:
1. Make sure that you have logging enabled to see the debugs.
Logging on
Logging Buffered Debugging
2. Also, where are you initiating the IPSEC Traffic. It has to be from a host behind the Pix 501. You cannot initiate IPSEC Traffic from the pix itself.
Regards,
Arul
*Pls rate if it helps*
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1028090
11-12-2008 09:59 AM
I was just getting ready to reply to my original post. I think by posting, it scared the VPN tunnel into working. Not sure what I did, but its working. I think possibly clearing crypto ipsec sa and clear crypto isakmp sa helped even though I had tried this before. Thank you very much for the quick response.
Case closed!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: