Site-to-Site VPN between PIX and VPN 3000 fails phase 1
I am trying to setup a site-to-site VPN with pre-shared keys between a Cisco PIX 515-R running 6.3(1) and a VPN 3000 concentrator running ASA 7.0(5). However, phase 1 never completes and sh crypto isakmp sa displays the state MM_KEY_EXCH. I have successfully created other site-to-site VPNs on the PIX with other PIXen and Cisco routers but this VPN3000 is proving to be a problem. pfs group2 is not necessary is it?
Any ideas on how I can troubleshoot this are appreciated. Thanks.
PIX VPN config
access-list nonatinside permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list tositeX permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
Re: Site-to-Site VPN between PIX and VPN 3000 fails phase 1
Thank you Arul. I will certainly do this when I can get hold of the admin of the VPN3000 who is not there at the moment. Are mismatched keys usually the problem when you get MM_KEY_EXCH errors? Thanks again.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...