We had 'someone' touch our FW w/o regard to its current config. Doing so, they overwrote a FW config that we (new to this particular configuration as we did not build it) in doing so. Below is the current config that we have modified to get VPN back up.
I've attached a document that has:
1. Current ASA config
2. Current PIX config
3. Logging messages on ASA after changes to both
Could it be the crypto map? What are we missing?
Seems to me that Phase1 and Phase2 match on the ASA and PIX. Also seems that Crypto Maps are attached and ISAKMP enabled on the external interface.
Have you confirmed that there is no mismatch with the PSK/Pre Shared Key of the L2L VPN connection?
Also, what is the network 10.10.10.0/24 configured on the ASA side? There is no "route" configured for that network on the ASA where it's supposed to be located.
Also, the "access-list 101" doesn't seem to contain the line for the 10.10.10.0/24 -> 192.168.14.0/24 network but contains one for 192.168.11.0/24 -> 192.168.14.0/24.
So I could only find a missing NAT0 ACL rule and a missing route for one L2L VPN source network in the configuration.
Though the output at the bottom would seem to indicate that the Phase1 MSG1 is sent but it doesn't get beyond that. It keeps waiting for the MSG2, which would mean that the PIX is not replying to the negotiation or the MSG1 is not going through to the PIX?
Can you see anything in the PIX with the command
show crypto isakmp sa
When you are attempting to negotiate the tunnel up?
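The cross-check the reply above does by eye (every crypto ACL pair needs a NAT0 entry and a reachable source network), as an added example that is not part of the original thread. The config fragment is constructed in pre-8.3 ASA syntax; the ACL name VPN_CRYPTO, the interface address, and the role of access-list 101 as the NAT0 ACL are assumptions, and only network/mask ACL entries are parsed.

```python
import ipaddress
import re

# Constructed pre-8.3 ASA fragment; ACL name VPN_CRYPTO and the interface
# address are assumptions, not the poster's attached configuration.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 nameif inside
 ip address 192.168.11.1 255.255.255.0
access-list VPN_CRYPTO extended permit ip 192.168.11.0 255.255.255.0 192.168.14.0 255.255.255.0
access-list VPN_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 192.168.14.0 255.255.255.0
access-list 101 extended permit ip 192.168.11.0 255.255.255.0 192.168.14.0 255.255.255.0
nat (inside) 0 access-list 101
crypto map outside_map 20 match address VPN_CRYPTO
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def audit(config):
    acls, local, crypto, nat0 = {}, [], [], []
    for line in (l.strip() for l in config.splitlines()):
        if m := ACL_RE.match(line):
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append((net(s, sm), net(d, dm)))
        elif m := re.match(r"^ip address (\S+) (\S+)", line):
            local.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := re.match(r"^route \S+ (\S+) (\S+) \S+", line):
            # A default route does not prove the source network is local.
            if m[2] != "0.0.0.0":
                local.append(net(m[1], m[2]))
        elif m := re.match(r"^crypto map \S+ \d+ match address (\S+)$", line):
            crypto.append(m[1])
        elif m := re.match(r"^nat \(\S+\) 0 access-list (\S+)$", line):
            nat0.append(m[1])
    exempt = [pair for name in nat0 for pair in acls.get(name, [])]
    findings = []
    for name in crypto:
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt):
                findings.append(("no-nat0-entry", str(src), str(dst)))
            if not any(src.subnet_of(n) for n in local):
                findings.append(("no-route-to-source", str(src), str(dst)))
    return findings
```

On the constructed fragment, `audit(SAMPLE_CONFIG)` reports both gaps for 10.10.10.0/24 and nothing for 192.168.11.0/24.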