I am really stuck on this one. I want to configure a VPN between 3 PIX 515 devices. PixA will connect to PixB and PixC, but PixB and PixC will not connect directly.
I have successfully created the VPN between PixA and PixB. I am now trying to configure PixA to connect to PixC on another interface (ethernet2), and the ISAKMP phase 2 is failing with a "SA NOT ACCEPTABLE" error. I relaxed my ACL to accept any IP, but am no further ahead.
Can I use the same ACL for both tunnels?
That is what I am trying to do...
Can I simply create a new map and apply it to ethernet2, and use the same isakmp policy?
Here are the crypto / isakmp configs. Again, PixA to PixB works. PixA to PixC does not.
ip address outside xxx.yyy.6.19 255.255.255.248
ip address inside 192.168.3.5 255.255.255.0
ip address outside2 aaa.bbb.80.80 255.255.255.0
access-list 101 permit ip any any
access-list outside_access_in permit ip any 192.168.3.0 255.255.255.0
access-list outside_access_in permit ip any aaa.bbb.80.0 255.255.255.0
access-group outside_access_in in interface outside
access-group outside_access_in in interface outside2