I'm having trouble creating a site-to-site VPN. I am using the following equipment: a PIX 535 and an RV082 router.
My idea is to have the router connect via VPN to the PIX. I already logged in to the router and configured everything; when I click Connect it stays at "Waiting for connection" and never connects, and it doesn't even give me an error.
When I configured the PIX (which I do through the Device Manager, not the console), it gives me an access-list error; at no point did it ask me to enter an access-list. :S I don't know if I explained myself well.
Thanks in advance for trying to help me!
If you are setting up Easy VPN the following configuration example should help:
If you are not using EasyVPN, can you provide the VPN configuration from each side? Please remove any sensitive information such as public IP addresses, passwords or pre-shared keys before posting in this forum.
Thank you for your prompt response.
I do not quite understand, but are you telling me to use the Easy VPN option?
Anyway I can not access the link I append
I pasted the wrong link, can you try this one:
Will you be able to provide the VPN configuration, again with no passwords, keys or addressing?
I did it through the VPN wizard that the Device Manager has, and it produces this:
isakmp key xxxxx address 190.x.x.x netmask 255.255.255.xxx.xxx no-xauth no-config-mode
access-list Libre_outbound_nat0_acl line 1 permit ip host 126.96.36.199 host 16x.xxx.x.xxx
nat (Libre) 0 access-list Libre_outbound_nat0_acl
access-list outside_cryptomap_20 permit ip host 19x.xx.xx.xx host 16x.xxx.x.xxx
crypto map outside_map 20 set peer 190.x.x.x
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 set security-association lifetime seconds 28800 kilobytes 4608000
sysopt connection permit-ipsec
In the IPsec traffic selector, I changed the interface to one that is not in use (in this case "Libre"), but in that part I really need to place the servers that are in use (for example: production and exchange), and there it gave me an access-list error.
Thank you very much Loren
Tunnel Name: fccf
Local Group Setup
Local Security Gateway Type:
IP Address: 19x.xxx.xxx.xxx
Local Security Group Type:
IP Address: 192.168.x.xx
Remote Group Setup
Keying Mode:
Phase 1 DH Group:
Phase 1 Encryption:
Phase 1 Authentication:
Phase 1 SA Life Time:
Perfect Forward Secrecy:
Phase 2 DH Group:
Phase 2 Encryption:
Phase 2 Authentication:
Phase 2 SA Life Time:
Preshared Key: xxxxxx
I am not familiar with this configuration utility, but that does look like the correct area to put the PIX IP address.
Would it be possible to get the isakmp configuration from the PIX, or can you check to make sure there is an isakmp policy that matches the phase 1 and phase 2 settings from the router?
authentication pre-shared key
dh group 1
There does appear to be a phase 2 mismatch between the PIX and the router.
The router has DES encryption and the PIX has 3DES encryption. Can you change the router phase 2 encryption type to be 3DES?
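The phase 2 comparison suggested in the reply above, as an added example that is not part of the original thread: it reads the crypto map lines posted earlier and diffs them against the router's phase 2 settings. The router's authentication and lifetime values are constructed for the example, and the parser assumes the wizard-generated transform-set name (ESP-3DES-MD5) reflects its contents.

```python
import re

# Lines copied from the PIX configuration posted earlier in this thread.
PIX_CONFIG = """\
crypto map outside_map 20 set peer 190.x.x.x
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 set security-association lifetime seconds 28800 kilobytes 4608000
"""

# Router side: phase 2 encryption DES is what the reply reports.
# The authentication and lifetime values are constructed (assumed) here,
# because the router table in the thread lost its selected values.
ROUTER_PHASE2 = {"encryption": "DES", "authentication": "MD5", "lifetime": 28800}


def pix_phase2(config):
    """Extract phase 2 parameters from PIX crypto map lines.

    Assumption: the transform-set name follows the ESP-<cipher>-<hash>
    pattern and matches what the set actually contains.
    """
    params = {}
    for line in config.splitlines():
        m = re.search(r"set transform-set ESP-([0-9A-Z]+)-([0-9A-Z]+)", line)
        if m:
            params["encryption"], params["authentication"] = m.groups()
        m = re.search(r"lifetime seconds (\d+)", line)
        if m:
            params["lifetime"] = int(m.group(1))
    return params


def mismatches(pix, router):
    """Return {parameter: (pix_value, router_value)} for every difference."""
    keys = sorted(set(pix) | set(router))
    return {k: (pix.get(k), router.get(k)) for k in keys if pix.get(k) != router.get(k)}


if __name__ == "__main__":
    for name, (p, r) in mismatches(pix_phase2(PIX_CONFIG), ROUTER_PHASE2).items():
        print(f"phase 2 {name}: PIX={p} router={r}")
```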
DES encryption excuse the router configuration You have the 3DES encryption and pix, can you change the router encryption type to be 3DES phase 2?
This because as you say, did nothing more than to prove it just like that one.
With respect to the PIX isakmp configuration, this appears: isakmp key xxxxx address 190.xxx netmask 255.255.255.xxx.xxx no-xauth no-config-mode. The key in the router, where it says Preshared Key: xxxxx, is exactly the same, as it is easy and short. I did everything as a test, and it is still not working.
Loren, really, thank you very much for the help you are giving.