Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

Hi !!

I have problems establishing a vpn between two pix.

The first pix 525 has version 7.2 (2) another Pix has version 6.3 this one is not administered by my person.

The phase establishes 1 but send the messages attached

can help me

Thank you

1 ACCEPTED SOLUTION

Accepted Solutions

Re: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

I'm glad you have it working now :)

Please rate helpful posts.

Regards

Farrukh

6 REPLIES

Re: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

Are you sure your crypto ACLs are mirror images of each other? Can you post the crypto configs of both devices.

Regards

Farrukh

Community Member

Re: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

Excuseme for be late with my answer.

Those are the conf in both pixes.

thank for your help

Re: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

You access-list on the 7.x firewall should be a mirror image (opposite) of the one on the 6.x firewall, currently it is not:

access-list 102 extended permit ip host 192.168.1.3 host 10.32.0.41

it should be:

access-list 102 extended permit ip host 10.32.0.41 host 192.168.1.3

Secondly you are missing this line:

crypto map TLF 102 match address 102

Also try to remove extra lines in ACL 102, try to keep same number of lines (configured as mirror) of opposite vpn gateway.

Regards

Farrukh

Community Member

Re: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

thank you !!

Thank you !!

its works !!

every think its working !!!

Re: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

I'm glad you have it working now :)

Please rate helpful posts.

Regards

Farrukh

Community Member

Re: VPN site to site Pix 525 ver7.2(2) and Pix 501 ver 6.3

thank you !!! i was so sad because i had one week with this problem, thank you

188
Views
0
Helpful
6
Replies
CreatePlease to create content