I'm very new to Cisco equipment and was hoping someone could help me with this issue I have. I am trying to set up a VPN from a Cisco 837 router that I have to another company, which I think is using a PIX. After some tweaking I managed to set the same VPN up from another site we have, which uses a 3000 concentrator. However, after using Cisco SDM and using as many commands as I know how, I cannot get the VPN tunnel to come up. Essentially I want <server1> and <server2> (as shown in the attached show run) to be able to access 192.168.0.100 that is off of my 837 router. Any help would be very gratefully received.
I do not know if you have this sorted out yet or not. But assuming that it is not (since there is no update to the forum about it) I will make a guess at the problem and possible solutions.
I am guessing that the VPN that you set up from the other site had fixed IP addresses on both ends. In what you are trying to set up here the dialer interface has address negotiated. And since you do not specify the source address for IPSec it will default to using the address of the outbound interface which is dialer 0 which gets assigned dynamically. I am guessing that the PIX is not set up for a dynamic address on its peer.
One way to make this work would be to have the PIX configured with a dynamic crypto map which will allow the PIX to establish IPSec with devices whose addresses it does not know ahead of time. If the administrators of the PIX are willing to do this it could be a solution to your problem.
Another possible solution to the problem would be to specify the source address using an interface that the PIX can get to. Since the traffic should be reaching 192.168.0.100 can we assume that interface Ethernet 0 is reachable from the PIX? If so then try adding this to the config:
crypto map SDM_CMAP_1 local-address Ethernet0
This will get IPSec to use the Ethernet 0 as the source address and the PIX would have a fixed address to use as its peer address.
Do you know how they have configured the PIX for this IPSec connection? Knowing this might make it easier to pick the best solution.
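The condition described in the reply above (a crypto map applied to an interface with a negotiated address and no `local-address` pinning) can be checked mechanically in a saved running-config. This is an added example, not part of the original thread; the sample config, the peer address 203.0.113.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample resembling the setup discussed above (not the poster's config).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
!
interface Dialer0
 ip address negotiated
 crypto map SDM_CMAP_1
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 203.0.113.10
"""

def parse_interfaces(config):
    """Return {interface_name: [sub-command lines]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return interfaces

def pinned_local_addresses(config):
    """Return {crypto_map_name: interface} for 'crypto map X local-address Y' lines."""
    pattern = re.compile(r"^crypto map (\S+) local-address (\S+)\s*$", re.M)
    return dict(pattern.findall(config))

def find_dynamic_source_maps(config):
    """List (interface, map) pairs whose IPSec source address is assigned dynamically."""
    pinned = pinned_local_addresses(config)
    findings = []
    for name, lines in parse_interfaces(config).items():
        negotiated = "ip address negotiated" in lines
        for cmd in lines:
            m = re.fullmatch(r"crypto map (\S+)", cmd)
            if m and negotiated and m.group(1) not in pinned:
                findings.append((name, m.group(1)))
    return findings

if __name__ == "__main__":
    for iface, cmap in find_dynamic_source_maps(SAMPLE_CONFIG):
        print(f"{iface}: crypto map {cmap} sources IPSec from a negotiated address")
```

A finding means the remote peer must either accept dynamic peers or the map needs a `local-address` on an interface the peer can reach.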