Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member


dear sir

i am trying to configure ip tunnel in cisco pix 515 i get the configuration from our configuration our customer it but i am not able to establish the connection.

can some body help.

here is my configuration as per per our client and debug test

access-list inside_outbound_nat0_acl permit ip host

access-list outside_cryptomap_20 permit ip host

nat (inside) 0 access-list inside_outbound_nat0_acl

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto map outside_map 20 ipsec-isakmp

crypto map outside_map 20 match address outside_cryptomap_20

crypto map outside_map 20 set peer

crypto map outside_map 20 set transform-set ESP-DES-MD5

crypto map outside_map 20 set security-association lifetime seconds 28800 kilobytes 7200

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address netmask no-xauth no-config-mode

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption des

isakmp policy 20 hash md5

isakmp policy 20 group 1

isakmp policy 20 lifetime 7200

debug test

ISAKMP (0): beginning Main Mode exchange

ISAKMP (0): retransmitting phase 1 (0)...IPSEC(key_engine): request timer fired:

count = 1,

(identity) local=, remote=,

local_proxy= (type=1),

remote_proxy= (type=4)

ISAKMP (0): retransmitting phase 1 (1)...

ISAKMP (0): deleting SA: src, dst

ISADB: reaper checking SA 0xf9fc6c, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for not found - peers:0

IPSEC(key_engine): request timer fired: count = 2,

(identity) local=, remote=,

local_proxy= (type=1),

remote_proxy= (type=4)




Re: ipsec

assuming a lan-lan vpn tunnel is the aim, the acls are inaccurate.

access-list inside_outbound_nat0_acl permit ip

access-list outside_cryptomap_20 permit ip