Solved: How do i start VPN l2l initialization?

cisco_himg · ‎01-22-2010

hey there!

I have two PIX501e and trying to set up a LAN2LAN. i have all the settings in place, but for some reason its not negotioating the connection. Is there an enable command to negotiate? i have crypto enabled on both outside interfaces

busterswt · ‎01-22-2010

You need to initiate traffic from one end to the other in order for the tunnel to build. The traffic you need to generate is defined within the encryption domain. So, if you're tunneling traffic using RFC1918 IPs (ie. 192.168.x.x), be sure to ping that IP and not the public (or vice-versa).

The encryption domain defines 'interesting traffic', or traffic that the firewall determines should be passed over the tunnel and not through the Internet (or any other interface).

James

View solution in original post

busterswt · ‎01-22-2010

You need to initiate traffic from one end to the other in order for the tunnel to build. The traffic you need to generate is defined within the encryption domain. So, if you're tunneling traffic using RFC1918 IPs (ie. 192.168.x.x), be sure to ping that IP and not the public (or vice-versa).

The encryption domain defines 'interesting traffic', or traffic that the firewall determines should be passed over the tunnel and not through the Internet (or any other interface).

James

cisco_himg · ‎01-23-2010

You are right!

Funny thing i was pinging the other device and still nothing, however, when i started AT the other device and pinged me, the tunnel came right up. i guess i was pinging from the wrong side

thank you again!