
need help setting up L2L vpn on pix 501

I have a pix 501 firewall that I need to set up a site to site ipsec tunnel with a remote peer. The inside subnet on my pix is For this discussion purpose, let's say my pix's outside ip is  and the remote peer ip is

The tunnel needs are as follows: Local IP of needs to communicate with remote ip of

I have to NAT my local ip of to the ip address of before it traverses the tunnel to the remote end.

I have set up the following, but I don't see any indication of phase 2. I see phase 1 completing, but nothing for encaps/decaps when I do a "show cry ipsec sa".

Here is the related config, minus the encryption parameters. Please review and see if there are any issues with it. I'm particularly concerned about whether or not I'm NAT'ing correctly.

access-list 101 remark ***Crypto ACL for traffic to remote peer***
access-list 101 permit ip host host

access-list VPN_NAT remark ***Policy NAT for VPN traffic***
access-list VPN_NAT permit ip host host

static (inside,outside) access-list VPN_NAT 0 0

ip address outside
ip address inside

crypto map VPN 10 ipsec-isakmp
crypto map VPN 10 match address 101
crypto map VPN 10 set peer
crypto map VPN 10 set transform-set VPN
crypto map VPN interface outside
isakmp enable outside
isakmp key ******** address netmask


Re: need help setting up L2L vpn on pix 501

You need to check the remote firewall configs too.

1. crypto map VPN 10 set transform-set VPN

What have you set? Is it the same on both ends?

2. isakmp key ******** address netmask

Are you sure about the key which you have added in this?
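
Added example, not part of the original thread or either poster's config: a small Python check that compares both peers' phase 2 settings (the transform-set question raised in the reply) and also tests the NAT concern from the original post. It assumes the PIX applies the policy static before it evaluates the crypto ACL, so the crypto ACL source should be the translated address; all addresses and the remote config are constructed sample values.

```python
import re

# Constructed sample configs (private-range addresses, not taken from the thread).
LOCAL = """\
access-list 101 permit ip host 192.168.1.10 host 10.20.0.5
access-list VPN_NAT permit ip host 192.168.1.10 host 10.20.0.5
static (inside,outside) 172.16.50.10 access-list VPN_NAT 0 0
crypto ipsec transform-set VPN esp-3des esp-sha-hmac
crypto map VPN 10 match address 101
crypto map VPN 10 set transform-set VPN
"""
REMOTE = """\
access-list 110 permit ip host 10.20.0.5 host 172.16.50.10
crypto ipsec transform-set L2L esp-3des esp-md5-hmac
crypto map OUTSIDE 20 match address 110
crypto map OUTSIDE 20 set transform-set L2L
"""

def parse(cfg):
    """Pull the phase 2 relevant items out of a PIX 6.x style config."""
    acls = {}
    out = {"static": None, "tsets": {}, "crypto_acl": None, "tset": None}
    for line in cfg.splitlines():
        if m := re.match(r"access-list (\S+) permit ip host (\S+) host (\S+)", line):
            acls.setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            out["tsets"][m[1]] = frozenset(m[2].split())
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)", line):
            out["crypto_acl"] = m[1]
        elif m := re.match(r"crypto map \S+ \d+ set transform-set (\S+)", line):
            out["tset"] = m[1]
        elif m := re.match(r"static \(inside,outside\) (\S+) access-list (\S+)", line):
            out["static"] = (m[1], m[2])  # (translated address, policy NAT ACL)
    out["pairs"] = acls.get(out["crypto_acl"], [])
    return out

def check(local_cfg, remote_cfg):
    """Return a list of phase 2 problems; an empty list means the peers agree."""
    loc, rem = parse(local_cfg), parse(remote_cfg)
    problems = []
    if loc["tsets"].get(loc["tset"]) != rem["tsets"].get(rem["tset"]):
        problems.append("transform-set mismatch")
    if set(loc["pairs"]) != {(dst, src) for src, dst in rem["pairs"]}:
        problems.append("crypto ACLs are not mirror images")
    if loc["static"]:
        mapped, _ = loc["static"]
        if any(src != mapped for src, _ in loc["pairs"]):
            problems.append("local crypto ACL source is not the translated address")
    return problems
```

The pre-shared key is not compared because it appears masked as `********` in displayed configs; it has to be confirmed with the remote administrator out of band.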

